diff --git a/examples/go.mod b/examples/go.mod index 5b8dd3a1644..66b85c2d132 100644 --- a/examples/go.mod +++ b/examples/go.mod @@ -317,7 +317,7 @@ require ( github.com/pulumi/esc v0.6.2 // indirect github.com/pulumi/pulumi-terraform-bridge/v3 v3.74.0 // indirect github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.7 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.105.0 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.106.0 // indirect github.com/pulumi/terraform-diff-reader v0.0.2 // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/rogpeppe/go-internal v1.11.0 // indirect @@ -377,3 +377,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/frand v1.4.2 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.78.2-0.20240217023359-fdf6fcf8c6df + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.106.1-0.20240217023359-fdf6fcf8c6df diff --git a/examples/go.sum b/examples/go.sum index 56395eea054..791e22904da 100644 --- a/examples/go.sum +++ b/examples/go.sum @@ -2486,10 +2486,10 @@ github.com/pulumi/pulumi-terraform-bridge/v3 v3.74.0 h1:cVsqcIJqgCosq9ib0rUyUBLE github.com/pulumi/pulumi-terraform-bridge/v3 v3.74.0/go.mod h1:WOKqq+pzEXcfoXbGPd4weBFIY6RQjzlKO365LPHKrB8= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.7 h1:Z9vmfVTW0QtJrWh+DRR3UKiRZX23f45lFtdhQiUHEqE= github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.7/go.mod h1:T9zHpTHyVz2EyobzByFFpjfqgGtXO4C4bNqC0j29D2I= -github.com/pulumi/pulumi/pkg/v3 v3.105.0 h1:bJG1vUiYH2gDF1pfBKlIABDNoJD2LvU1LmjjL+EbvuM= -github.com/pulumi/pulumi/pkg/v3 v3.105.0/go.mod h1:eZAFEFOwE/skElTfwetfyTxPebmWr5vOS5NSU9XwlVw= -github.com/pulumi/pulumi/sdk/v3 v3.105.0 h1:OKEeubZigWyQVnZS6udnFnZHZ/8OWXuUYv9ir3OY+vs= -github.com/pulumi/pulumi/sdk/v3 v3.105.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= +github.com/pulumi/pulumi/pkg/v3 v3.78.2-0.20240217023359-fdf6fcf8c6df h1:LYg0zgngmptXy2B7bZQGHRcTsXsTP/KBRPzGY9aMgb8= +github.com/pulumi/pulumi/pkg/v3 v3.78.2-0.20240217023359-fdf6fcf8c6df/go.mod h1:sZMGEPMp2sLbB0PEyrPWDvAX+W2AwOptAKnKOHyX01k= +github.com/pulumi/pulumi/sdk/v3 v3.106.1-0.20240217023359-fdf6fcf8c6df h1:MFIXR2vzpLwM7gcu5O4cxeSFRiKdGX2zMEoMtjgBrf8= +github.com/pulumi/pulumi/sdk/v3 v3.106.1-0.20240217023359-fdf6fcf8c6df/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= github.com/pulumi/terraform-diff-reader v0.0.2/go.mod h1:sZ9FUzGO+yM41hsQHs/yIcj/Y993qMdBxBU5mpDmAfQ= github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20240202163305-e2a20ae13ef9 h1:k3SdGlmaJ49yaRV79Ktb5KGdPvuNfeiv4+oHXN+wyhs= diff --git a/provider/cmd/pulumi-resource-aws/schema.json b/provider/cmd/pulumi-resource-aws/schema.json index f3ace1bebba..0fb5ac036e3 100644 --- a/provider/cmd/pulumi-resource-aws/schema.json +++ b/provider/cmd/pulumi-resource-aws/schema.json @@ -155765,7 +155765,7 @@ } }, "aws:apigateway/domainName:DomainName": { - "description": "Registers a custom domain name for use with AWS API Gateway. Additional information about this functionality\ncan be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html).\n\nThis resource just establishes ownership of and the TLS settings for\na particular domain name. An API can be attached to a particular path\nunder the registered domain name using\nthe `aws.apigateway.BasePathMapping` resource.\n\nAPI Gateway domains can be defined as either 'edge-optimized' or 'regional'. In an edge-optimized configuration,\nAPI Gateway internally creates and manages a CloudFront distribution to route requests on the given hostname. In\naddition to this resource it's necessary to create a DNS record corresponding to the given domain name which is an alias\n(either Route53 alias or traditional CNAME) to the Cloudfront domain name exported in the `cloudfront_domain_name`\nattribute.\n\nIn a regional configuration, API Gateway does not create a CloudFront distribution to route requests to the API, though\na distribution can be created if needed. In either case, it is necessary to create a DNS record corresponding to the\ngiven domain name which is an alias (either Route53 alias or traditional CNAME) to the regional domain name exported in\nthe `regional_domain_name` attribute.\n\n\u003e **Note:** API Gateway requires the use of AWS Certificate Manager (ACM) certificates instead of Identity and Access Management (IAM) certificates in regions that support ACM. Regions that support ACM can be found in the [Regions and Endpoints Documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html#acm_region). To import an existing private key and certificate into ACM or request an ACM certificate, see the `aws.acm.Certificate` resource.\n\n\u003e **Note:** The `aws.apigateway.DomainName` resource expects dependency on the `aws.acm.CertificateValidation` as\nonly verified certificates can be used. This can be made either explicitly by adding the\n`depends_on = [aws_acm_certificate_validation.cert]` attribute. Or implicitly by referring certificate ARN\nfrom the validation resource where it will be available after the resource creation:\n`regional_certificate_arn = aws_acm_certificate_validation.cert.certificate_arn`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Edge Optimized (ACM Certificate)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDomainName = new aws.apigateway.DomainName(\"exampleDomainName\", {\n certificateArn: aws_acm_certificate_validation.example.certificate_arn,\n domainName: \"api.example.com\",\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"exampleRecord\", {\n name: exampleDomainName.domainName,\n type: \"A\",\n zoneId: aws_route53_zone.example.id,\n aliases: [{\n evaluateTargetHealth: true,\n name: exampleDomainName.cloudfrontDomainName,\n zoneId: exampleDomainName.cloudfrontZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain_name = aws.apigateway.DomainName(\"exampleDomainName\",\n certificate_arn=aws_acm_certificate_validation[\"example\"][\"certificate_arn\"],\n domain_name=\"api.example.com\")\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"exampleRecord\",\n name=example_domain_name.domain_name,\n type=\"A\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=True,\n name=example_domain_name.cloudfront_domain_name,\n zone_id=example_domain_name.cloudfront_zone_id,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleDomainName = new Aws.ApiGateway.DomainName(\"exampleDomainName\", new()\n {\n CertificateArn = aws_acm_certificate_validation.Example.Certificate_arn,\n Domain = \"api.example.com\",\n });\n\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"exampleRecord\", new()\n {\n Name = exampleDomainName.Domain,\n Type = \"A\",\n ZoneId = aws_route53_zone.Example.Id,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = true,\n Name = exampleDomainName.CloudfrontDomainName,\n ZoneId = exampleDomainName.CloudfrontZoneId,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomainName, err := apigateway.NewDomainName(ctx, \"exampleDomainName\", \u0026apigateway.DomainNameArgs{\n\t\t\tCertificateArn: pulumi.Any(aws_acm_certificate_validation.Example.Certificate_arn),\n\t\t\tDomainName: pulumi.String(\"api.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"exampleRecord\", \u0026route53.RecordArgs{\n\t\t\tName: exampleDomainName.DomainName,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t\tName: exampleDomainName.CloudfrontDomainName,\n\t\t\t\t\tZoneId: exampleDomainName.CloudfrontZoneId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainName = new DomainName(\"exampleDomainName\", DomainNameArgs.builder() \n .certificateArn(aws_acm_certificate_validation.example().certificate_arn())\n .domainName(\"api.example.com\")\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(exampleDomainName.domainName())\n .type(\"A\")\n .zoneId(aws_route53_zone.example().id())\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(true)\n .name(exampleDomainName.cloudfrontDomainName())\n .zoneId(exampleDomainName.cloudfrontZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomainName:\n type: aws:apigateway:DomainName\n properties:\n certificateArn: ${aws_acm_certificate_validation.example.certificate_arn}\n domainName: api.example.com\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n properties:\n name: ${exampleDomainName.domainName}\n type: A\n zoneId: ${aws_route53_zone.example.id}\n aliases:\n - evaluateTargetHealth: true\n name: ${exampleDomainName.cloudfrontDomainName}\n zoneId: ${exampleDomainName.cloudfrontZoneId}\n```\n{{% /example %}}\n{{% example %}}\n### Edge Optimized (IAM Certificate)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\n\nconst exampleDomainName = new aws.apigateway.DomainName(\"exampleDomainName\", {\n domainName: \"api.example.com\",\n certificateName: \"example-api\",\n certificateBody: fs.readFileSync(`${path.module}/example.com/example.crt`, \"utf8\"),\n certificateChain: fs.readFileSync(`${path.module}/example.com/ca.crt`, \"utf8\"),\n certificatePrivateKey: fs.readFileSync(`${path.module}/example.com/example.key`, \"utf8\"),\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"exampleRecord\", {\n zoneId: aws_route53_zone.example.id,\n name: exampleDomainName.domainName,\n type: \"A\",\n aliases: [{\n name: exampleDomainName.cloudfrontDomainName,\n zoneId: exampleDomainName.cloudfrontZoneId,\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain_name = aws.apigateway.DomainName(\"exampleDomainName\",\n domain_name=\"api.example.com\",\n certificate_name=\"example-api\",\n certificate_body=(lambda path: open(path).read())(f\"{path['module']}/example.com/example.crt\"),\n certificate_chain=(lambda path: open(path).read())(f\"{path['module']}/example.com/ca.crt\"),\n certificate_private_key=(lambda path: open(path).read())(f\"{path['module']}/example.com/example.key\"))\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"exampleRecord\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n name=example_domain_name.domain_name,\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=example_domain_name.cloudfront_domain_name,\n zone_id=example_domain_name.cloudfront_zone_id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleDomainName = new Aws.ApiGateway.DomainName(\"exampleDomainName\", new()\n {\n Domain = \"api.example.com\",\n CertificateName = \"example-api\",\n CertificateBody = File.ReadAllText($\"{path.Module}/example.com/example.crt\"),\n CertificateChain = File.ReadAllText($\"{path.Module}/example.com/ca.crt\"),\n CertificatePrivateKey = File.ReadAllText($\"{path.Module}/example.com/example.key\"),\n });\n\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"exampleRecord\", new()\n {\n ZoneId = aws_route53_zone.Example.Id,\n Name = exampleDomainName.Domain,\n Type = \"A\",\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = exampleDomainName.CloudfrontDomainName,\n ZoneId = exampleDomainName.CloudfrontZoneId,\n EvaluateTargetHealth = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomainName, err := apigateway.NewDomainName(ctx, \"exampleDomainName\", \u0026apigateway.DomainNameArgs{\n\t\t\tDomainName: pulumi.String(\"api.example.com\"),\n\t\t\tCertificateName: pulumi.String(\"example-api\"),\n\t\t\tCertificateBody: readFileOrPanic(fmt.Sprintf(\"%v/example.com/example.crt\", path.Module)),\n\t\t\tCertificateChain: readFileOrPanic(fmt.Sprintf(\"%v/example.com/ca.crt\", path.Module)),\n\t\t\tCertificatePrivateKey: readFileOrPanic(fmt.Sprintf(\"%v/example.com/example.key\", path.Module)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"exampleRecord\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tName: exampleDomainName.DomainName,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: exampleDomainName.CloudfrontDomainName,\n\t\t\t\t\tZoneId: exampleDomainName.CloudfrontZoneId,\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainName = new DomainName(\"exampleDomainName\", DomainNameArgs.builder() \n .domainName(\"api.example.com\")\n .certificateName(\"example-api\")\n .certificateBody(Files.readString(Paths.get(String.format(\"%s/example.com/example.crt\", path.module()))))\n .certificateChain(Files.readString(Paths.get(String.format(\"%s/example.com/ca.crt\", path.module()))))\n .certificatePrivateKey(Files.readString(Paths.get(String.format(\"%s/example.com/example.key\", path.module()))))\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .zoneId(aws_route53_zone.example().id())\n .name(exampleDomainName.domainName())\n .type(\"A\")\n .aliases(RecordAliasArgs.builder()\n .name(exampleDomainName.cloudfrontDomainName())\n .zoneId(exampleDomainName.cloudfrontZoneId())\n .evaluateTargetHealth(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomainName:\n type: aws:apigateway:DomainName\n properties:\n domainName: api.example.com\n certificateName: example-api\n certificateBody:\n fn::readFile: ${path.module}/example.com/example.crt\n certificateChain:\n fn::readFile: ${path.module}/example.com/ca.crt\n certificatePrivateKey:\n fn::readFile: ${path.module}/example.com/example.key\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n properties:\n zoneId: ${aws_route53_zone.example.id} # See aws_route53_zone for how to create this\n name: ${exampleDomainName.domainName}\n type: A\n aliases:\n - name: ${exampleDomainName.cloudfrontDomainName}\n zoneId: ${exampleDomainName.cloudfrontZoneId}\n evaluateTargetHealth: true\n```\n{{% /example %}}\n{{% example %}}\n### Regional (ACM Certificate)\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.apigateway.inputs.DomainNameEndpointConfigurationArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainName = new DomainName(\"exampleDomainName\", DomainNameArgs.builder() \n .domainName(\"api.example.com\")\n .regionalCertificateArn(aws_acm_certificate_validation.example().certificate_arn())\n .endpointConfiguration(DomainNameEndpointConfigurationArgs.builder()\n .types(\"REGIONAL\")\n .build())\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(exampleDomainName.domainName())\n .type(\"A\")\n .zoneId(aws_route53_zone.example().id())\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(true)\n .name(exampleDomainName.regionalDomainName())\n .zoneId(exampleDomainName.regionalZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomainName:\n type: aws:apigateway:DomainName\n properties:\n domainName: api.example.com\n regionalCertificateArn: ${aws_acm_certificate_validation.example.certificate_arn}\n endpointConfiguration:\n types:\n - REGIONAL\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n properties:\n name: ${exampleDomainName.domainName}\n type: A\n zoneId: ${aws_route53_zone.example.id}\n aliases:\n - evaluateTargetHealth: true\n name: ${exampleDomainName.regionalDomainName}\n zoneId: ${exampleDomainName.regionalZoneId}\n```\n{{% /example %}}\n{{% example %}}\n### Regional (IAM Certificate)\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.apigateway.inputs.DomainNameEndpointConfigurationArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainName = new DomainName(\"exampleDomainName\", DomainNameArgs.builder() \n .certificateBody(Files.readString(Paths.get(String.format(\"%s/example.com/example.crt\", path.module()))))\n .certificateChain(Files.readString(Paths.get(String.format(\"%s/example.com/ca.crt\", path.module()))))\n .certificatePrivateKey(Files.readString(Paths.get(String.format(\"%s/example.com/example.key\", path.module()))))\n .domainName(\"api.example.com\")\n .regionalCertificateName(\"example-api\")\n .endpointConfiguration(DomainNameEndpointConfigurationArgs.builder()\n .types(\"REGIONAL\")\n .build())\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(exampleDomainName.domainName())\n .type(\"A\")\n .zoneId(aws_route53_zone.example().id())\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(true)\n .name(exampleDomainName.regionalDomainName())\n .zoneId(exampleDomainName.regionalZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomainName:\n type: aws:apigateway:DomainName\n properties:\n certificateBody:\n fn::readFile: ${path.module}/example.com/example.crt\n certificateChain:\n fn::readFile: ${path.module}/example.com/ca.crt\n certificatePrivateKey:\n fn::readFile: ${path.module}/example.com/example.key\n domainName: api.example.com\n regionalCertificateName: example-api\n endpointConfiguration:\n types:\n - REGIONAL\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n properties:\n name: ${exampleDomainName.domainName}\n type: A\n zoneId: ${aws_route53_zone.example.id}\n aliases:\n - evaluateTargetHealth: true\n name: ${exampleDomainName.regionalDomainName}\n zoneId: ${exampleDomainName.regionalZoneId}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import API Gateway domain names using their `name`. For example:\n\n```sh\n $ pulumi import aws:apigateway/domainName:DomainName example dev.example.com\n```\n ", + "description": "Registers a custom domain name for use with AWS API Gateway. Additional information about this functionality\ncan be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html).\n\nThis resource just establishes ownership of and the TLS settings for\na particular domain name. An API can be attached to a particular path\nunder the registered domain name using\nthe `aws.apigateway.BasePathMapping` resource.\n\nAPI Gateway domains can be defined as either 'edge-optimized' or 'regional'. In an edge-optimized configuration,\nAPI Gateway internally creates and manages a CloudFront distribution to route requests on the given hostname. In\naddition to this resource it's necessary to create a DNS record corresponding to the given domain name which is an alias\n(either Route53 alias or traditional CNAME) to the Cloudfront domain name exported in the `cloudfront_domain_name`\nattribute.\n\nIn a regional configuration, API Gateway does not create a CloudFront distribution to route requests to the API, though\na distribution can be created if needed. In either case, it is necessary to create a DNS record corresponding to the\ngiven domain name which is an alias (either Route53 alias or traditional CNAME) to the regional domain name exported in\nthe `regional_domain_name` attribute.\n\n\u003e **Note:** API Gateway requires the use of AWS Certificate Manager (ACM) certificates instead of Identity and Access Management (IAM) certificates in regions that support ACM. Regions that support ACM can be found in the [Regions and Endpoints Documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html#acm_region). To import an existing private key and certificate into ACM or request an ACM certificate, see the `aws.acm.Certificate` resource.\n\n\u003e **Note:** The `aws.apigateway.DomainName` resource expects dependency on the `aws.acm.CertificateValidation` as\nonly verified certificates can be used. This can be made either explicitly by adding the\n`depends_on = [aws_acm_certificate_validation.cert]` attribute. Or implicitly by referring certificate ARN\nfrom the validation resource where it will be available after the resource creation:\n`regional_certificate_arn = aws_acm_certificate_validation.cert.certificate_arn`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Edge Optimized (ACM Certificate)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDomainName = new aws.apigateway.DomainName(\"exampleDomainName\", {\n certificateArn: aws_acm_certificate_validation.example.certificate_arn,\n domainName: \"api.example.com\",\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"exampleRecord\", {\n name: exampleDomainName.domainName,\n type: \"A\",\n zoneId: aws_route53_zone.example.id,\n aliases: [{\n evaluateTargetHealth: true,\n name: exampleDomainName.cloudfrontDomainName,\n zoneId: exampleDomainName.cloudfrontZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain_name = aws.apigateway.DomainName(\"exampleDomainName\",\n certificate_arn=aws_acm_certificate_validation[\"example\"][\"certificate_arn\"],\n domain_name=\"api.example.com\")\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"exampleRecord\",\n name=example_domain_name.domain_name,\n type=\"A\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=True,\n name=example_domain_name.cloudfront_domain_name,\n zone_id=example_domain_name.cloudfront_zone_id,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleDomainName = new Aws.ApiGateway.DomainName(\"exampleDomainName\", new()\n {\n CertificateArn = aws_acm_certificate_validation.Example.Certificate_arn,\n Domain = \"api.example.com\",\n });\n\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"exampleRecord\", new()\n {\n Name = exampleDomainName.Domain,\n Type = \"A\",\n ZoneId = aws_route53_zone.Example.Id,\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = true,\n Name = exampleDomainName.CloudfrontDomainName,\n ZoneId = exampleDomainName.CloudfrontZoneId,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomainName, err := apigateway.NewDomainName(ctx, \"exampleDomainName\", \u0026apigateway.DomainNameArgs{\n\t\t\tCertificateArn: pulumi.Any(aws_acm_certificate_validation.Example.Certificate_arn),\n\t\t\tDomainName: pulumi.String(\"api.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example DNS record using Route53.\n\t\t// Route53 is not specifically required; any DNS host can be used.\n\t\t_, err = route53.NewRecord(ctx, \"exampleRecord\", \u0026route53.RecordArgs{\n\t\t\tName: exampleDomainName.DomainName,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t\tName: exampleDomainName.CloudfrontDomainName,\n\t\t\t\t\tZoneId: exampleDomainName.CloudfrontZoneId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainName = new DomainName(\"exampleDomainName\", DomainNameArgs.builder() \n .certificateArn(aws_acm_certificate_validation.example().certificate_arn())\n .domainName(\"api.example.com\")\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(exampleDomainName.domainName())\n .type(\"A\")\n .zoneId(aws_route53_zone.example().id())\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(true)\n .name(exampleDomainName.cloudfrontDomainName())\n .zoneId(exampleDomainName.cloudfrontZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomainName:\n type: aws:apigateway:DomainName\n properties:\n certificateArn: ${aws_acm_certificate_validation.example.certificate_arn}\n domainName: api.example.com\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n properties:\n name: ${exampleDomainName.domainName}\n type: A\n zoneId: ${aws_route53_zone.example.id}\n aliases:\n - evaluateTargetHealth: true\n name: ${exampleDomainName.cloudfrontDomainName}\n zoneId: ${exampleDomainName.cloudfrontZoneId}\n```\n{{% /example %}}\n{{% example %}}\n### Edge Optimized (IAM Certificate)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\n\nconst exampleDomainName = new aws.apigateway.DomainName(\"exampleDomainName\", {\n domainName: \"api.example.com\",\n certificateName: \"example-api\",\n certificateBody: fs.readFileSync(`${path.module}/example.com/example.crt`, \"utf8\"),\n certificateChain: fs.readFileSync(`${path.module}/example.com/ca.crt`, \"utf8\"),\n certificatePrivateKey: fs.readFileSync(`${path.module}/example.com/example.key`, \"utf8\"),\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"exampleRecord\", {\n zoneId: aws_route53_zone.example.id,\n name: exampleDomainName.domainName,\n type: \"A\",\n aliases: [{\n name: exampleDomainName.cloudfrontDomainName,\n zoneId: exampleDomainName.cloudfrontZoneId,\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain_name = aws.apigateway.DomainName(\"exampleDomainName\",\n domain_name=\"api.example.com\",\n certificate_name=\"example-api\",\n certificate_body=(lambda path: open(path).read())(f\"{path['module']}/example.com/example.crt\"),\n certificate_chain=(lambda path: open(path).read())(f\"{path['module']}/example.com/ca.crt\"),\n certificate_private_key=(lambda path: open(path).read())(f\"{path['module']}/example.com/example.key\"))\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"exampleRecord\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n name=example_domain_name.domain_name,\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=example_domain_name.cloudfront_domain_name,\n zone_id=example_domain_name.cloudfront_zone_id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleDomainName = new Aws.ApiGateway.DomainName(\"exampleDomainName\", new()\n {\n Domain = \"api.example.com\",\n CertificateName = \"example-api\",\n CertificateBody = File.ReadAllText($\"{path.Module}/example.com/example.crt\"),\n CertificateChain = File.ReadAllText($\"{path.Module}/example.com/ca.crt\"),\n CertificatePrivateKey = File.ReadAllText($\"{path.Module}/example.com/example.key\"),\n });\n\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"exampleRecord\", new()\n {\n ZoneId = aws_route53_zone.Example.Id,\n Name = exampleDomainName.Domain,\n Type = \"A\",\n Aliases = new[]\n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = exampleDomainName.CloudfrontDomainName,\n ZoneId = exampleDomainName.CloudfrontZoneId,\n EvaluateTargetHealth = true,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomainName, err := apigateway.NewDomainName(ctx, \"exampleDomainName\", \u0026apigateway.DomainNameArgs{\n\t\t\tDomainName: pulumi.String(\"api.example.com\"),\n\t\t\tCertificateName: pulumi.String(\"example-api\"),\n\t\t\tCertificateBody: readFileOrPanic(fmt.Sprintf(\"%v/example.com/example.crt\", path.Module)),\n\t\t\tCertificateChain: readFileOrPanic(fmt.Sprintf(\"%v/example.com/ca.crt\", path.Module)),\n\t\t\tCertificatePrivateKey: readFileOrPanic(fmt.Sprintf(\"%v/example.com/example.key\", path.Module)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example DNS record using Route53.\n\t\t// Route53 is not specifically required; any DNS host can be used.\n\t\t_, err = route53.NewRecord(ctx, \"exampleRecord\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tName: exampleDomainName.DomainName,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t\u0026route53.RecordAliasArgs{\n\t\t\t\t\tName: exampleDomainName.CloudfrontDomainName,\n\t\t\t\t\tZoneId: exampleDomainName.CloudfrontZoneId,\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainName = new DomainName(\"exampleDomainName\", DomainNameArgs.builder() \n .domainName(\"api.example.com\")\n .certificateName(\"example-api\")\n .certificateBody(Files.readString(Paths.get(String.format(\"%s/example.com/example.crt\", path.module()))))\n .certificateChain(Files.readString(Paths.get(String.format(\"%s/example.com/ca.crt\", path.module()))))\n .certificatePrivateKey(Files.readString(Paths.get(String.format(\"%s/example.com/example.key\", path.module()))))\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .zoneId(aws_route53_zone.example().id())\n .name(exampleDomainName.domainName())\n .type(\"A\")\n .aliases(RecordAliasArgs.builder()\n .name(exampleDomainName.cloudfrontDomainName())\n .zoneId(exampleDomainName.cloudfrontZoneId())\n .evaluateTargetHealth(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomainName:\n type: aws:apigateway:DomainName\n properties:\n domainName: api.example.com\n certificateName: example-api\n certificateBody:\n fn::readFile: ${path.module}/example.com/example.crt\n certificateChain:\n fn::readFile: ${path.module}/example.com/ca.crt\n certificatePrivateKey:\n fn::readFile: ${path.module}/example.com/example.key\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n properties:\n zoneId: ${aws_route53_zone.example.id} # See aws_route53_zone for how to create this\n name: ${exampleDomainName.domainName}\n type: A\n aliases:\n - name: ${exampleDomainName.cloudfrontDomainName}\n zoneId: ${exampleDomainName.cloudfrontZoneId}\n evaluateTargetHealth: true\n```\n{{% /example %}}\n{{% example %}}\n### Regional (ACM Certificate)\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.apigateway.inputs.DomainNameEndpointConfigurationArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainName = new DomainName(\"exampleDomainName\", DomainNameArgs.builder() \n .domainName(\"api.example.com\")\n .regionalCertificateArn(aws_acm_certificate_validation.example().certificate_arn())\n .endpointConfiguration(DomainNameEndpointConfigurationArgs.builder()\n .types(\"REGIONAL\")\n .build())\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(exampleDomainName.domainName())\n .type(\"A\")\n .zoneId(aws_route53_zone.example().id())\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(true)\n .name(exampleDomainName.regionalDomainName())\n .zoneId(exampleDomainName.regionalZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomainName:\n type: aws:apigateway:DomainName\n properties:\n domainName: api.example.com\n regionalCertificateArn: ${aws_acm_certificate_validation.example.certificate_arn}\n endpointConfiguration:\n types:\n - REGIONAL\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n properties:\n name: ${exampleDomainName.domainName}\n type: A\n zoneId: ${aws_route53_zone.example.id}\n aliases:\n - evaluateTargetHealth: true\n name: ${exampleDomainName.regionalDomainName}\n zoneId: ${exampleDomainName.regionalZoneId}\n```\n{{% /example %}}\n{{% example %}}\n### Regional (IAM Certificate)\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.DomainName;\nimport com.pulumi.aws.apigateway.DomainNameArgs;\nimport com.pulumi.aws.apigateway.inputs.DomainNameEndpointConfigurationArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport com.pulumi.aws.route53.inputs.RecordAliasArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainName = new DomainName(\"exampleDomainName\", DomainNameArgs.builder() \n .certificateBody(Files.readString(Paths.get(String.format(\"%s/example.com/example.crt\", path.module()))))\n .certificateChain(Files.readString(Paths.get(String.format(\"%s/example.com/ca.crt\", path.module()))))\n .certificatePrivateKey(Files.readString(Paths.get(String.format(\"%s/example.com/example.key\", path.module()))))\n .domainName(\"api.example.com\")\n .regionalCertificateName(\"example-api\")\n .endpointConfiguration(DomainNameEndpointConfigurationArgs.builder()\n .types(\"REGIONAL\")\n .build())\n .build());\n\n var exampleRecord = new Record(\"exampleRecord\", RecordArgs.builder() \n .name(exampleDomainName.domainName())\n .type(\"A\")\n .zoneId(aws_route53_zone.example().id())\n .aliases(RecordAliasArgs.builder()\n .evaluateTargetHealth(true)\n .name(exampleDomainName.regionalDomainName())\n .zoneId(exampleDomainName.regionalZoneId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleDomainName:\n type: aws:apigateway:DomainName\n properties:\n certificateBody:\n fn::readFile: ${path.module}/example.com/example.crt\n certificateChain:\n fn::readFile: ${path.module}/example.com/ca.crt\n certificatePrivateKey:\n fn::readFile: ${path.module}/example.com/example.key\n domainName: api.example.com\n regionalCertificateName: example-api\n endpointConfiguration:\n types:\n - REGIONAL\n # Example DNS record using Route53.\n # Route53 is not specifically required; any DNS host can be used.\n exampleRecord:\n type: aws:route53:Record\n properties:\n name: ${exampleDomainName.domainName}\n type: A\n zoneId: ${aws_route53_zone.example.id}\n aliases:\n - evaluateTargetHealth: true\n name: ${exampleDomainName.regionalDomainName}\n zoneId: ${exampleDomainName.regionalZoneId}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import API Gateway domain names using their `name`. For example:\n\n```sh\n $ pulumi import aws:apigateway/domainName:DomainName example dev.example.com\n```\n ", "properties": { "arn": { "type": "string", @@ -156051,7 +156051,7 @@ } }, "aws:apigateway/integration:Integration": { - "description": "Provides an HTTP Method Integration for an API Gateway Integration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"myDemoAPI\", {description: \"This is my API for demonstration purposes\"});\nconst myDemoResource = new aws.apigateway.Resource(\"myDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"myDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst myDemoIntegration = new aws.apigateway.Integration(\"myDemoIntegration\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n type: \"MOCK\",\n cacheKeyParameters: [\"method.request.path.param\"],\n cacheNamespace: \"foobar\",\n timeoutMilliseconds: 29000,\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n requestTemplates: {\n \"application/xml\": `{\n \"body\" : $input.json('$')\n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"myDemoAPI\", description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"myDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"myDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nmy_demo_integration = aws.apigateway.Integration(\"myDemoIntegration\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n type=\"MOCK\",\n cache_key_parameters=[\"method.request.path.param\"],\n cache_namespace=\"foobar\",\n timeout_milliseconds=29000,\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n request_templates={\n \"application/xml\": \"\"\"{\n \"body\" : $input.json('$')\n}\n\"\"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"myDemoAPI\", new()\n {\n Description = \"This is my API for demonstration purposes\",\n });\n\n var myDemoResource = new Aws.ApiGateway.Resource(\"myDemoResource\", new()\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n\n var myDemoMethod = new Aws.ApiGateway.Method(\"myDemoMethod\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n var myDemoIntegration = new Aws.ApiGateway.Integration(\"myDemoIntegration\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n Type = \"MOCK\",\n CacheKeyParameters = new[]\n {\n \"method.request.path.param\",\n },\n CacheNamespace = \"foobar\",\n TimeoutMilliseconds = 29000,\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n },\n RequestTemplates = \n {\n { \"application/xml\", @\"{\n \"\"body\"\" : $input.json('$')\n}\n\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"myDemoAPI\", \u0026apigateway.RestApiArgs{\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"myDemoResource\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoMethod, err := apigateway.NewMethod(ctx, \"myDemoMethod\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"myDemoIntegration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t\tCacheKeyParameters: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"method.request.path.param\"),\n\t\t\t},\n\t\t\tCacheNamespace: pulumi.String(\"foobar\"),\n\t\t\tTimeoutMilliseconds: pulumi.Int(29000),\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t},\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/xml\": pulumi.String(\"{\\n \\\"body\\\" : $input.json('$')\\n}\\n\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myDemoAPI = new RestApi(\"myDemoAPI\", RestApiArgs.builder() \n .description(\"This is my API for demonstration purposes\")\n .build());\n\n var myDemoResource = new Resource(\"myDemoResource\", ResourceArgs.builder() \n .restApi(myDemoAPI.id())\n .parentId(myDemoAPI.rootResourceId())\n .pathPart(\"mydemoresource\")\n .build());\n\n var myDemoMethod = new Method(\"myDemoMethod\", MethodArgs.builder() \n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n var myDemoIntegration = new Integration(\"myDemoIntegration\", IntegrationArgs.builder() \n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(myDemoMethod.httpMethod())\n .type(\"MOCK\")\n .cacheKeyParameters(\"method.request.path.param\")\n .cacheNamespace(\"foobar\")\n .timeoutMilliseconds(29000)\n .requestParameters(Map.of(\"integration.request.header.X-Authorization\", \"'static'\"))\n .requestTemplates(Map.of(\"application/xml\", \"\"\"\n{\n \"body\" : $input.json('$')\n}\n \"\"\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDemoAPI:\n type: aws:apigateway:RestApi\n properties:\n description: This is my API for demonstration purposes\n myDemoResource:\n type: aws:apigateway:Resource\n properties:\n restApi: ${myDemoAPI.id}\n parentId: ${myDemoAPI.rootResourceId}\n pathPart: mydemoresource\n myDemoMethod:\n type: aws:apigateway:Method\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: GET\n authorization: NONE\n myDemoIntegration:\n type: aws:apigateway:Integration\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: ${myDemoMethod.httpMethod}\n type: MOCK\n cacheKeyParameters:\n - method.request.path.param\n cacheNamespace: foobar\n timeoutMilliseconds: 29000\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n # Transforms the incoming XML request to JSON\n requestTemplates:\n application/xml: |\n {\n \"body\" : $input.json('$')\n }\n```\n{{% /example %}}\n{{% /examples %}}\n## Lambda integration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst myregion = config.requireObject(\"myregion\");\nconst accountId = config.requireObject(\"accountId\");\n// API Gateway\nconst api = new aws.apigateway.RestApi(\"api\", {});\nconst resource = new aws.apigateway.Resource(\"resource\", {\n pathPart: \"resource\",\n parentId: api.rootResourceId,\n restApi: api.id,\n});\nconst method = new aws.apigateway.Method(\"method\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst lambda = new aws.lambda.Function(\"lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n role: role.arn,\n handler: \"lambda.lambda_handler\",\n runtime: \"python3.7\",\n});\nconst integration = new aws.apigateway.Integration(\"integration\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: method.httpMethod,\n integrationHttpMethod: \"POST\",\n type: \"AWS_PROXY\",\n uri: lambda.invokeArn,\n});\n// Lambda\nconst apigwLambda = new aws.lambda.Permission(\"apigwLambda\", {\n action: \"lambda:InvokeFunction\",\n \"function\": lambda.name,\n principal: \"apigateway.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nmyregion = config.require_object(\"myregion\")\naccount_id = config.require_object(\"accountId\")\n# API Gateway\napi = aws.apigateway.RestApi(\"api\")\nresource = aws.apigateway.Resource(\"resource\",\n path_part=\"resource\",\n parent_id=api.root_resource_id,\n rest_api=api.id)\nmethod = aws.apigateway.Method(\"method\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\", assume_role_policy=assume_role.json)\nlambda_ = aws.lambda_.Function(\"lambda\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n role=role.arn,\n handler=\"lambda.lambda_handler\",\n runtime=\"python3.7\")\nintegration = aws.apigateway.Integration(\"integration\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=method.http_method,\n integration_http_method=\"POST\",\n type=\"AWS_PROXY\",\n uri=lambda_.invoke_arn)\n# Lambda\napigw_lambda = aws.lambda_.Permission(\"apigwLambda\",\n action=\"lambda:InvokeFunction\",\n function=lambda_.name,\n principal=\"apigateway.amazonaws.com\",\n source_arn=pulumi.Output.all(api.id, method.http_method, resource.path).apply(lambda id, http_method, path: f\"arn:aws:execute-api:{myregion}:{account_id}:{id}/*/{http_method}{path}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var myregion = config.RequireObject\u003cdynamic\u003e(\"myregion\");\n var accountId = config.RequireObject\u003cdynamic\u003e(\"accountId\");\n // API Gateway\n var api = new Aws.ApiGateway.RestApi(\"api\");\n\n var resource = new Aws.ApiGateway.Resource(\"resource\", new()\n {\n PathPart = \"resource\",\n ParentId = api.RootResourceId,\n RestApi = api.Id,\n });\n\n var method = new Aws.ApiGateway.Method(\"method\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = new Aws.Lambda.Function(\"lambda\", new()\n {\n Code = new FileArchive(\"lambda.zip\"),\n Role = role.Arn,\n Handler = \"lambda.lambda_handler\",\n Runtime = \"python3.7\",\n });\n\n var integration = new Aws.ApiGateway.Integration(\"integration\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = method.HttpMethod,\n IntegrationHttpMethod = \"POST\",\n Type = \"AWS_PROXY\",\n Uri = lambda.InvokeArn,\n });\n\n // Lambda\n var apigwLambda = new Aws.Lambda.Permission(\"apigwLambda\", new()\n {\n Action = \"lambda:InvokeFunction\",\n Function = lambda.Name,\n Principal = \"apigateway.amazonaws.com\",\n SourceArn = Output.Tuple(api.Id, method.HttpMethod, resource.Path).Apply(values =\u003e\n {\n var id = values.Item1;\n var httpMethod = values.Item2;\n var path = values.Item3;\n return $\"arn:aws:execute-api:{myregion}:{accountId}:{id}/*/{httpMethod}{path}\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tmyregion := cfg.RequireObject(\"myregion\")\n\t\taccountId := cfg.RequireObject(\"accountId\")\n\t\tapi, err := apigateway.NewRestApi(ctx, \"api\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tresource, err := apigateway.NewResource(ctx, \"resource\", \u0026apigateway.ResourceArgs{\n\t\t\tPathPart: pulumi.String(\"resource\"),\n\t\t\tParentId: api.RootResourceId,\n\t\t\tRestApi: api.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmethod, err := apigateway.NewMethod(ctx, \"method\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := lambda.NewFunction(ctx, \"lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda.zip\"),\n\t\t\tRole: role.Arn,\n\t\t\tHandler: pulumi.String(\"lambda.lambda_handler\"),\n\t\t\tRuntime: pulumi.String(\"python3.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"integration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: method.HttpMethod,\n\t\t\tIntegrationHttpMethod: pulumi.String(\"POST\"),\n\t\t\tType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tUri: lambda.InvokeArn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"apigwLambda\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: lambda.Name,\n\t\t\tPrincipal: pulumi.String(\"apigateway.amazonaws.com\"),\n\t\t\tSourceArn: pulumi.All(api.ID(), method.HttpMethod, resource.Path).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tid := _args[0].(string)\n\t\t\t\thttpMethod := _args[1].(string)\n\t\t\t\tpath := _args[2].(string)\n\t\t\t\treturn fmt.Sprintf(\"arn:aws:execute-api:%v:%v:%v/*/%v%v\", myregion, accountId, id, httpMethod, path), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var myregion = config.get(\"myregion\");\n final var accountId = config.get(\"accountId\");\n var api = new RestApi(\"api\");\n\n var resource = new Resource(\"resource\", ResourceArgs.builder() \n .pathPart(\"resource\")\n .parentId(api.rootResourceId())\n .restApi(api.id())\n .build());\n\n var method = new Method(\"method\", MethodArgs.builder() \n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambda = new Function(\"lambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda.zip\"))\n .role(role.arn())\n .handler(\"lambda.lambda_handler\")\n .runtime(\"python3.7\")\n .build());\n\n var integration = new Integration(\"integration\", IntegrationArgs.builder() \n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(method.httpMethod())\n .integrationHttpMethod(\"POST\")\n .type(\"AWS_PROXY\")\n .uri(lambda.invokeArn())\n .build());\n\n var apigwLambda = new Permission(\"apigwLambda\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunction\")\n .function(lambda.name())\n .principal(\"apigateway.amazonaws.com\")\n .sourceArn(Output.tuple(api.id(), method.httpMethod(), resource.path()).applyValue(values -\u003e {\n var id = values.t1;\n var httpMethod = values.t2;\n var path = values.t3;\n return String.format(\"arn:aws:execute-api:%s:%s:%s/*/%s%s\", myregion,accountId,id,httpMethod,path);\n }))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n # Variables\n myregion:\n type: dynamic\n accountId:\n type: dynamic\nresources:\n # API Gateway\n api:\n type: aws:apigateway:RestApi\n resource:\n type: aws:apigateway:Resource\n properties:\n pathPart: resource\n parentId: ${api.rootResourceId}\n restApi: ${api.id}\n method:\n type: aws:apigateway:Method\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: GET\n authorization: NONE\n integration:\n type: aws:apigateway:Integration\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: ${method.httpMethod}\n integrationHttpMethod: POST\n type: AWS_PROXY\n uri: ${lambda.invokeArn}\n # Lambda\n apigwLambda:\n type: aws:lambda:Permission\n properties:\n action: lambda:InvokeFunction\n function: ${lambda.name}\n principal: apigateway.amazonaws.com\n # More: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html\n sourceArn: arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}\n lambda:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambda.zip\n role: ${role.arn}\n handler: lambda.lambda_handler\n runtime: python3.7\n role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\n## VPC Link\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lb.LoadBalancer;\nimport com.pulumi.aws.lb.LoadBalancerArgs;\nimport com.pulumi.aws.apigateway.VpcLink;\nimport com.pulumi.aws.apigateway.VpcLinkArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var name = config.get(\"name\");\n final var subnetId = config.get(\"subnetId\");\n var testLoadBalancer = new LoadBalancer(\"testLoadBalancer\", LoadBalancerArgs.builder() \n .internal(true)\n .loadBalancerType(\"network\")\n .subnets(subnetId)\n .build());\n\n var testVpcLink = new VpcLink(\"testVpcLink\", VpcLinkArgs.builder() \n .targetArn(testLoadBalancer.arn())\n .build());\n\n var testRestApi = new RestApi(\"testRestApi\");\n\n var testResource = new Resource(\"testResource\", ResourceArgs.builder() \n .restApi(testRestApi.id())\n .parentId(testRestApi.rootResourceId())\n .pathPart(\"test\")\n .build());\n\n var testMethod = new Method(\"testMethod\", MethodArgs.builder() \n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .requestModels(Map.of(\"application/json\", \"Error\"))\n .build());\n\n var testIntegration = new Integration(\"testIntegration\", IntegrationArgs.builder() \n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(testMethod.httpMethod())\n .requestTemplates(Map.ofEntries(\n Map.entry(\"application/json\", \"\"),\n Map.entry(\"application/xml\", \"\"\"\n#set($inputRoot = $input.path('$'))\n{ } \"\"\")\n ))\n .requestParameters(Map.ofEntries(\n Map.entry(\"integration.request.header.X-Authorization\", \"'static'\"),\n Map.entry(\"integration.request.header.X-Foo\", \"'Bar'\")\n ))\n .type(\"HTTP\")\n .uri(\"https://www.google.de\")\n .integrationHttpMethod(\"GET\")\n .passthroughBehavior(\"WHEN_NO_MATCH\")\n .contentHandling(\"CONVERT_TO_TEXT\")\n .connectionType(\"VPC_LINK\")\n .connectionId(testVpcLink.id())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n name:\n type: dynamic\n subnetId:\n type: dynamic\nresources:\n testLoadBalancer:\n type: aws:lb:LoadBalancer\n properties:\n internal: true\n loadBalancerType: network\n subnets:\n - ${subnetId}\n testVpcLink:\n type: aws:apigateway:VpcLink\n properties:\n targetArn:\n - ${testLoadBalancer.arn}\n testRestApi:\n type: aws:apigateway:RestApi\n testResource:\n type: aws:apigateway:Resource\n properties:\n restApi: ${testRestApi.id}\n parentId: ${testRestApi.rootResourceId}\n pathPart: test\n testMethod:\n type: aws:apigateway:Method\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: GET\n authorization: NONE\n requestModels:\n application/json: Error\n testIntegration:\n type: aws:apigateway:Integration\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: ${testMethod.httpMethod}\n requestTemplates:\n application/json:\n application/xml: |-\n #set($inputRoot = $input.path('$'))\n { }\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n integration.request.header.X-Foo: '''Bar'''\n type: HTTP\n uri: https://www.google.de\n integrationHttpMethod: GET\n passthroughBehavior: WHEN_NO_MATCH\n contentHandling: CONVERT_TO_TEXT\n connectionType: VPC_LINK\n connectionId: ${testVpcLink.id}\n```\n\n\n## Import\n\nUsing `pulumi import`, import `aws_api_gateway_integration` using `REST-API-ID/RESOURCE-ID/HTTP-METHOD`. For example:\n\n```sh\n $ pulumi import aws:apigateway/integration:Integration example 12345abcde/67890fghij/GET\n```\n ", + "description": "Provides an HTTP Method Integration for an API Gateway Integration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"myDemoAPI\", {description: \"This is my API for demonstration purposes\"});\nconst myDemoResource = new aws.apigateway.Resource(\"myDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"myDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst myDemoIntegration = new aws.apigateway.Integration(\"myDemoIntegration\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n type: \"MOCK\",\n cacheKeyParameters: [\"method.request.path.param\"],\n cacheNamespace: \"foobar\",\n timeoutMilliseconds: 29000,\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n requestTemplates: {\n \"application/xml\": `{\n \"body\" : $input.json('$')\n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"myDemoAPI\", description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"myDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"myDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nmy_demo_integration = aws.apigateway.Integration(\"myDemoIntegration\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n type=\"MOCK\",\n cache_key_parameters=[\"method.request.path.param\"],\n cache_namespace=\"foobar\",\n timeout_milliseconds=29000,\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n request_templates={\n \"application/xml\": \"\"\"{\n \"body\" : $input.json('$')\n}\n\"\"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"myDemoAPI\", new()\n {\n Description = \"This is my API for demonstration purposes\",\n });\n\n var myDemoResource = new Aws.ApiGateway.Resource(\"myDemoResource\", new()\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n\n var myDemoMethod = new Aws.ApiGateway.Method(\"myDemoMethod\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n var myDemoIntegration = new Aws.ApiGateway.Integration(\"myDemoIntegration\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n Type = \"MOCK\",\n CacheKeyParameters = new[]\n {\n \"method.request.path.param\",\n },\n CacheNamespace = \"foobar\",\n TimeoutMilliseconds = 29000,\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n },\n RequestTemplates = \n {\n { \"application/xml\", @\"{\n \"\"body\"\" : $input.json('$')\n}\n\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"myDemoAPI\", \u0026apigateway.RestApiArgs{\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"myDemoResource\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoMethod, err := apigateway.NewMethod(ctx, \"myDemoMethod\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"myDemoIntegration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t\tCacheKeyParameters: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"method.request.path.param\"),\n\t\t\t},\n\t\t\tCacheNamespace: pulumi.String(\"foobar\"),\n\t\t\tTimeoutMilliseconds: pulumi.Int(29000),\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t},\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/xml\": pulumi.String(\"{\\n \\\"body\\\" : $input.json('$')\\n}\\n\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myDemoAPI = new RestApi(\"myDemoAPI\", RestApiArgs.builder() \n .description(\"This is my API for demonstration purposes\")\n .build());\n\n var myDemoResource = new Resource(\"myDemoResource\", ResourceArgs.builder() \n .restApi(myDemoAPI.id())\n .parentId(myDemoAPI.rootResourceId())\n .pathPart(\"mydemoresource\")\n .build());\n\n var myDemoMethod = new Method(\"myDemoMethod\", MethodArgs.builder() \n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n var myDemoIntegration = new Integration(\"myDemoIntegration\", IntegrationArgs.builder() \n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(myDemoMethod.httpMethod())\n .type(\"MOCK\")\n .cacheKeyParameters(\"method.request.path.param\")\n .cacheNamespace(\"foobar\")\n .timeoutMilliseconds(29000)\n .requestParameters(Map.of(\"integration.request.header.X-Authorization\", \"'static'\"))\n .requestTemplates(Map.of(\"application/xml\", \"\"\"\n{\n \"body\" : $input.json('$')\n}\n \"\"\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDemoAPI:\n type: aws:apigateway:RestApi\n properties:\n description: This is my API for demonstration purposes\n myDemoResource:\n type: aws:apigateway:Resource\n properties:\n restApi: ${myDemoAPI.id}\n parentId: ${myDemoAPI.rootResourceId}\n pathPart: mydemoresource\n myDemoMethod:\n type: aws:apigateway:Method\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: GET\n authorization: NONE\n myDemoIntegration:\n type: aws:apigateway:Integration\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: ${myDemoMethod.httpMethod}\n type: MOCK\n cacheKeyParameters:\n - method.request.path.param\n cacheNamespace: foobar\n timeoutMilliseconds: 29000\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n # Transforms the incoming XML request to JSON\n requestTemplates:\n application/xml: |\n {\n \"body\" : $input.json('$')\n }\n```\n{{% /example %}}\n{{% /examples %}}\n## Lambda integration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst myregion = config.requireObject(\"myregion\");\nconst accountId = config.requireObject(\"accountId\");\n// API Gateway\nconst api = new aws.apigateway.RestApi(\"api\", {});\nconst resource = new aws.apigateway.Resource(\"resource\", {\n pathPart: \"resource\",\n parentId: api.rootResourceId,\n restApi: api.id,\n});\nconst method = new aws.apigateway.Method(\"method\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst lambda = new aws.lambda.Function(\"lambda\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n role: role.arn,\n handler: \"lambda.lambda_handler\",\n runtime: \"python3.7\",\n});\nconst integration = new aws.apigateway.Integration(\"integration\", {\n restApi: api.id,\n resourceId: resource.id,\n httpMethod: method.httpMethod,\n integrationHttpMethod: \"POST\",\n type: \"AWS_PROXY\",\n uri: lambda.invokeArn,\n});\n// Lambda\nconst apigwLambda = new aws.lambda.Permission(\"apigwLambda\", {\n action: \"lambda:InvokeFunction\",\n \"function\": lambda.name,\n principal: \"apigateway.amazonaws.com\",\n sourceArn: pulumi.interpolate`arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nmyregion = config.require_object(\"myregion\")\naccount_id = config.require_object(\"accountId\")\n# API Gateway\napi = aws.apigateway.RestApi(\"api\")\nresource = aws.apigateway.Resource(\"resource\",\n path_part=\"resource\",\n parent_id=api.root_resource_id,\n rest_api=api.id)\nmethod = aws.apigateway.Method(\"method\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\", assume_role_policy=assume_role.json)\nlambda_ = aws.lambda_.Function(\"lambda\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n role=role.arn,\n handler=\"lambda.lambda_handler\",\n runtime=\"python3.7\")\nintegration = aws.apigateway.Integration(\"integration\",\n rest_api=api.id,\n resource_id=resource.id,\n http_method=method.http_method,\n integration_http_method=\"POST\",\n type=\"AWS_PROXY\",\n uri=lambda_.invoke_arn)\n# Lambda\napigw_lambda = aws.lambda_.Permission(\"apigwLambda\",\n action=\"lambda:InvokeFunction\",\n function=lambda_.name,\n principal=\"apigateway.amazonaws.com\",\n source_arn=pulumi.Output.all(api.id, method.http_method, resource.path).apply(lambda id, http_method, path: f\"arn:aws:execute-api:{myregion}:{account_id}:{id}/*/{http_method}{path}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var myregion = config.RequireObject\u003cdynamic\u003e(\"myregion\");\n var accountId = config.RequireObject\u003cdynamic\u003e(\"accountId\");\n // API Gateway\n var api = new Aws.ApiGateway.RestApi(\"api\");\n\n var resource = new Aws.ApiGateway.Resource(\"resource\", new()\n {\n PathPart = \"resource\",\n ParentId = api.RootResourceId,\n RestApi = api.Id,\n });\n\n var method = new Aws.ApiGateway.Method(\"method\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = new Aws.Lambda.Function(\"lambda\", new()\n {\n Code = new FileArchive(\"lambda.zip\"),\n Role = role.Arn,\n Handler = \"lambda.lambda_handler\",\n Runtime = \"python3.7\",\n });\n\n var integration = new Aws.ApiGateway.Integration(\"integration\", new()\n {\n RestApi = api.Id,\n ResourceId = resource.Id,\n HttpMethod = method.HttpMethod,\n IntegrationHttpMethod = \"POST\",\n Type = \"AWS_PROXY\",\n Uri = lambda.InvokeArn,\n });\n\n // Lambda\n var apigwLambda = new Aws.Lambda.Permission(\"apigwLambda\", new()\n {\n Action = \"lambda:InvokeFunction\",\n Function = lambda.Name,\n Principal = \"apigateway.amazonaws.com\",\n SourceArn = Output.Tuple(api.Id, method.HttpMethod, resource.Path).Apply(values =\u003e\n {\n var id = values.Item1;\n var httpMethod = values.Item2;\n var path = values.Item3;\n return $\"arn:aws:execute-api:{myregion}:{accountId}:{id}/*/{httpMethod}{path}\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tmyregion := cfg.RequireObject(\"myregion\")\n\t\taccountId := cfg.RequireObject(\"accountId\")\n\t\t// API Gateway\n\t\tapi, err := apigateway.NewRestApi(ctx, \"api\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tresource, err := apigateway.NewResource(ctx, \"resource\", \u0026apigateway.ResourceArgs{\n\t\t\tPathPart: pulumi.String(\"resource\"),\n\t\t\tParentId: api.RootResourceId,\n\t\t\tRestApi: api.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmethod, err := apigateway.NewMethod(ctx, \"method\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambda, err := lambda.NewFunction(ctx, \"lambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda.zip\"),\n\t\t\tRole: role.Arn,\n\t\t\tHandler: pulumi.String(\"lambda.lambda_handler\"),\n\t\t\tRuntime: pulumi.String(\"python3.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"integration\", \u0026apigateway.IntegrationArgs{\n\t\t\tRestApi: api.ID(),\n\t\t\tResourceId: resource.ID(),\n\t\t\tHttpMethod: method.HttpMethod,\n\t\t\tIntegrationHttpMethod: pulumi.String(\"POST\"),\n\t\t\tType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tUri: lambda.InvokeArn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Lambda\n\t\t_, err = lambda.NewPermission(ctx, \"apigwLambda\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: lambda.Name,\n\t\t\tPrincipal: pulumi.String(\"apigateway.amazonaws.com\"),\n\t\t\tSourceArn: pulumi.All(api.ID(), method.HttpMethod, resource.Path).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tid := _args[0].(string)\n\t\t\t\thttpMethod := _args[1].(string)\n\t\t\t\tpath := _args[2].(string)\n\t\t\t\treturn fmt.Sprintf(\"arn:aws:execute-api:%v:%v:%v/*/%v%v\", myregion, accountId, id, httpMethod, path), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var myregion = config.get(\"myregion\");\n final var accountId = config.get(\"accountId\");\n var api = new RestApi(\"api\");\n\n var resource = new Resource(\"resource\", ResourceArgs.builder() \n .pathPart(\"resource\")\n .parentId(api.rootResourceId())\n .restApi(api.id())\n .build());\n\n var method = new Method(\"method\", MethodArgs.builder() \n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambda = new Function(\"lambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda.zip\"))\n .role(role.arn())\n .handler(\"lambda.lambda_handler\")\n .runtime(\"python3.7\")\n .build());\n\n var integration = new Integration(\"integration\", IntegrationArgs.builder() \n .restApi(api.id())\n .resourceId(resource.id())\n .httpMethod(method.httpMethod())\n .integrationHttpMethod(\"POST\")\n .type(\"AWS_PROXY\")\n .uri(lambda.invokeArn())\n .build());\n\n var apigwLambda = new Permission(\"apigwLambda\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunction\")\n .function(lambda.name())\n .principal(\"apigateway.amazonaws.com\")\n .sourceArn(Output.tuple(api.id(), method.httpMethod(), resource.path()).applyValue(values -\u003e {\n var id = values.t1;\n var httpMethod = values.t2;\n var path = values.t3;\n return String.format(\"arn:aws:execute-api:%s:%s:%s/*/%s%s\", myregion,accountId,id,httpMethod,path);\n }))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n # Variables\n myregion:\n type: dynamic\n accountId:\n type: dynamic\nresources:\n # API Gateway\n api:\n type: aws:apigateway:RestApi\n resource:\n type: aws:apigateway:Resource\n properties:\n pathPart: resource\n parentId: ${api.rootResourceId}\n restApi: ${api.id}\n method:\n type: aws:apigateway:Method\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: GET\n authorization: NONE\n integration:\n type: aws:apigateway:Integration\n properties:\n restApi: ${api.id}\n resourceId: ${resource.id}\n httpMethod: ${method.httpMethod}\n integrationHttpMethod: POST\n type: AWS_PROXY\n uri: ${lambda.invokeArn}\n # Lambda\n apigwLambda:\n type: aws:lambda:Permission\n properties:\n action: lambda:InvokeFunction\n function: ${lambda.name}\n principal: apigateway.amazonaws.com\n # More: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html\n sourceArn: arn:aws:execute-api:${myregion}:${accountId}:${api.id}/*/${method.httpMethod}${resource.path}\n lambda:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambda.zip\n role: ${role.arn}\n handler: lambda.lambda_handler\n runtime: python3.7\n role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\n## VPC Link\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lb.LoadBalancer;\nimport com.pulumi.aws.lb.LoadBalancerArgs;\nimport com.pulumi.aws.apigateway.VpcLink;\nimport com.pulumi.aws.apigateway.VpcLinkArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport com.pulumi.aws.apigateway.Integration;\nimport com.pulumi.aws.apigateway.IntegrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var name = config.get(\"name\");\n final var subnetId = config.get(\"subnetId\");\n var testLoadBalancer = new LoadBalancer(\"testLoadBalancer\", LoadBalancerArgs.builder() \n .internal(true)\n .loadBalancerType(\"network\")\n .subnets(subnetId)\n .build());\n\n var testVpcLink = new VpcLink(\"testVpcLink\", VpcLinkArgs.builder() \n .targetArn(testLoadBalancer.arn())\n .build());\n\n var testRestApi = new RestApi(\"testRestApi\");\n\n var testResource = new Resource(\"testResource\", ResourceArgs.builder() \n .restApi(testRestApi.id())\n .parentId(testRestApi.rootResourceId())\n .pathPart(\"test\")\n .build());\n\n var testMethod = new Method(\"testMethod\", MethodArgs.builder() \n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .requestModels(Map.of(\"application/json\", \"Error\"))\n .build());\n\n var testIntegration = new Integration(\"testIntegration\", IntegrationArgs.builder() \n .restApi(testRestApi.id())\n .resourceId(testResource.id())\n .httpMethod(testMethod.httpMethod())\n .requestTemplates(Map.ofEntries(\n Map.entry(\"application/json\", \"\"),\n Map.entry(\"application/xml\", \"\"\"\n#set($inputRoot = $input.path('$'))\n{ } \"\"\")\n ))\n .requestParameters(Map.ofEntries(\n Map.entry(\"integration.request.header.X-Authorization\", \"'static'\"),\n Map.entry(\"integration.request.header.X-Foo\", \"'Bar'\")\n ))\n .type(\"HTTP\")\n .uri(\"https://www.google.de\")\n .integrationHttpMethod(\"GET\")\n .passthroughBehavior(\"WHEN_NO_MATCH\")\n .contentHandling(\"CONVERT_TO_TEXT\")\n .connectionType(\"VPC_LINK\")\n .connectionId(testVpcLink.id())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n name:\n type: dynamic\n subnetId:\n type: dynamic\nresources:\n testLoadBalancer:\n type: aws:lb:LoadBalancer\n properties:\n internal: true\n loadBalancerType: network\n subnets:\n - ${subnetId}\n testVpcLink:\n type: aws:apigateway:VpcLink\n properties:\n targetArn:\n - ${testLoadBalancer.arn}\n testRestApi:\n type: aws:apigateway:RestApi\n testResource:\n type: aws:apigateway:Resource\n properties:\n restApi: ${testRestApi.id}\n parentId: ${testRestApi.rootResourceId}\n pathPart: test\n testMethod:\n type: aws:apigateway:Method\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: GET\n authorization: NONE\n requestModels:\n application/json: Error\n testIntegration:\n type: aws:apigateway:Integration\n properties:\n restApi: ${testRestApi.id}\n resourceId: ${testResource.id}\n httpMethod: ${testMethod.httpMethod}\n requestTemplates:\n application/json:\n application/xml: |-\n #set($inputRoot = $input.path('$'))\n { }\n requestParameters:\n integration.request.header.X-Authorization: '''static'''\n integration.request.header.X-Foo: '''Bar'''\n type: HTTP\n uri: https://www.google.de\n integrationHttpMethod: GET\n passthroughBehavior: WHEN_NO_MATCH\n contentHandling: CONVERT_TO_TEXT\n connectionType: VPC_LINK\n connectionId: ${testVpcLink.id}\n```\n\n\n## Import\n\nUsing `pulumi import`, import `aws_api_gateway_integration` using `REST-API-ID/RESOURCE-ID/HTTP-METHOD`. For example:\n\n```sh\n $ pulumi import aws:apigateway/integration:Integration example 12345abcde/67890fghij/GET\n```\n ", "properties": { "cacheKeyParameters": { "type": "array", @@ -166486,7 +166486,7 @@ } }, "aws:appsync/resolver:Resolver": { - "description": "Provides an AppSync Resolver.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testGraphQLApi = new aws.appsync.GraphQLApi(\"testGraphQLApi\", {\n authenticationType: \"API_KEY\",\n schema: `type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n`,\n});\nconst testDataSource = new aws.appsync.DataSource(\"testDataSource\", {\n apiId: testGraphQLApi.id,\n name: \"my_example\",\n type: \"HTTP\",\n httpConfig: {\n endpoint: \"http://example.com\",\n },\n});\n// UNIT type resolver (default)\nconst testResolver = new aws.appsync.Resolver(\"testResolver\", {\n apiId: testGraphQLApi.id,\n field: \"singlePost\",\n type: \"Query\",\n dataSource: testDataSource.name,\n requestTemplate: `{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n`,\n responseTemplate: `#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n`,\n cachingConfig: {\n cachingKeys: [\n \"$context.identity.sub\",\n \"$context.arguments.id\",\n ],\n ttl: 60,\n },\n});\n// PIPELINE type resolver\nconst mutationPipelineTest = new aws.appsync.Resolver(\"mutationPipelineTest\", {\n type: \"Mutation\",\n apiId: testGraphQLApi.id,\n field: \"pipelineTest\",\n requestTemplate: \"{}\",\n responseTemplate: \"$util.toJson($ctx.result)\",\n kind: \"PIPELINE\",\n pipelineConfig: {\n functions: [\n aws_appsync_function.test1.function_id,\n aws_appsync_function.test2.function_id,\n aws_appsync_function.test3.function_id,\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_graph_ql_api = aws.appsync.GraphQLApi(\"testGraphQLApi\",\n authentication_type=\"API_KEY\",\n schema=\"\"\"type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n\"\"\")\ntest_data_source = aws.appsync.DataSource(\"testDataSource\",\n api_id=test_graph_ql_api.id,\n name=\"my_example\",\n type=\"HTTP\",\n http_config=aws.appsync.DataSourceHttpConfigArgs(\n endpoint=\"http://example.com\",\n ))\n# UNIT type resolver (default)\ntest_resolver = aws.appsync.Resolver(\"testResolver\",\n api_id=test_graph_ql_api.id,\n field=\"singlePost\",\n type=\"Query\",\n data_source=test_data_source.name,\n request_template=\"\"\"{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n\"\"\",\n response_template=\"\"\"#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n\"\"\",\n caching_config=aws.appsync.ResolverCachingConfigArgs(\n caching_keys=[\n \"$context.identity.sub\",\n \"$context.arguments.id\",\n ],\n ttl=60,\n ))\n# PIPELINE type resolver\nmutation_pipeline_test = aws.appsync.Resolver(\"mutationPipelineTest\",\n type=\"Mutation\",\n api_id=test_graph_ql_api.id,\n field=\"pipelineTest\",\n request_template=\"{}\",\n response_template=\"$util.toJson($ctx.result)\",\n kind=\"PIPELINE\",\n pipeline_config=aws.appsync.ResolverPipelineConfigArgs(\n functions=[\n aws_appsync_function[\"test1\"][\"function_id\"],\n aws_appsync_function[\"test2\"][\"function_id\"],\n aws_appsync_function[\"test3\"][\"function_id\"],\n ],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testGraphQLApi = new Aws.AppSync.GraphQLApi(\"testGraphQLApi\", new()\n {\n AuthenticationType = \"API_KEY\",\n Schema = @\"type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n\",\n });\n\n var testDataSource = new Aws.AppSync.DataSource(\"testDataSource\", new()\n {\n ApiId = testGraphQLApi.Id,\n Name = \"my_example\",\n Type = \"HTTP\",\n HttpConfig = new Aws.AppSync.Inputs.DataSourceHttpConfigArgs\n {\n Endpoint = \"http://example.com\",\n },\n });\n\n // UNIT type resolver (default)\n var testResolver = new Aws.AppSync.Resolver(\"testResolver\", new()\n {\n ApiId = testGraphQLApi.Id,\n Field = \"singlePost\",\n Type = \"Query\",\n DataSource = testDataSource.Name,\n RequestTemplate = @\"{\n \"\"version\"\": \"\"2018-05-29\"\",\n \"\"method\"\": \"\"GET\"\",\n \"\"resourcePath\"\": \"\"/\"\",\n \"\"params\"\":{\n \"\"headers\"\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n\",\n ResponseTemplate = @\"#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n\",\n CachingConfig = new Aws.AppSync.Inputs.ResolverCachingConfigArgs\n {\n CachingKeys = new[]\n {\n \"$context.identity.sub\",\n \"$context.arguments.id\",\n },\n Ttl = 60,\n },\n });\n\n // PIPELINE type resolver\n var mutationPipelineTest = new Aws.AppSync.Resolver(\"mutationPipelineTest\", new()\n {\n Type = \"Mutation\",\n ApiId = testGraphQLApi.Id,\n Field = \"pipelineTest\",\n RequestTemplate = \"{}\",\n ResponseTemplate = \"$util.toJson($ctx.result)\",\n Kind = \"PIPELINE\",\n PipelineConfig = new Aws.AppSync.Inputs.ResolverPipelineConfigArgs\n {\n Functions = new[]\n {\n aws_appsync_function.Test1.Function_id,\n aws_appsync_function.Test2.Function_id,\n aws_appsync_function.Test3.Function_id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestGraphQLApi, err := appsync.NewGraphQLApi(ctx, \"testGraphQLApi\", \u0026appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t\tSchema: pulumi.String(`type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestDataSource, err := appsync.NewDataSource(ctx, \"testDataSource\", \u0026appsync.DataSourceArgs{\n\t\t\tApiId: testGraphQLApi.ID(),\n\t\t\tName: pulumi.String(\"my_example\"),\n\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t\tHttpConfig: \u0026appsync.DataSourceHttpConfigArgs{\n\t\t\t\tEndpoint: pulumi.String(\"http://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewResolver(ctx, \"testResolver\", \u0026appsync.ResolverArgs{\n\t\t\tApiId: testGraphQLApi.ID(),\n\t\t\tField: pulumi.String(\"singlePost\"),\n\t\t\tType: pulumi.String(\"Query\"),\n\t\t\tDataSource: testDataSource.Name,\n\t\t\tRequestTemplate: pulumi.String(`{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n`),\n\t\t\tResponseTemplate: pulumi.String(`#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n`),\n\t\t\tCachingConfig: \u0026appsync.ResolverCachingConfigArgs{\n\t\t\t\tCachingKeys: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"$context.identity.sub\"),\n\t\t\t\t\tpulumi.String(\"$context.arguments.id\"),\n\t\t\t\t},\n\t\t\t\tTtl: pulumi.Int(60),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewResolver(ctx, \"mutationPipelineTest\", \u0026appsync.ResolverArgs{\n\t\t\tType: pulumi.String(\"Mutation\"),\n\t\t\tApiId: testGraphQLApi.ID(),\n\t\t\tField: pulumi.String(\"pipelineTest\"),\n\t\t\tRequestTemplate: pulumi.String(\"{}\"),\n\t\t\tResponseTemplate: pulumi.String(\"$util.toJson($ctx.result)\"),\n\t\t\tKind: pulumi.String(\"PIPELINE\"),\n\t\t\tPipelineConfig: \u0026appsync.ResolverPipelineConfigArgs{\n\t\t\t\tFunctions: pulumi.StringArray{\n\t\t\t\t\taws_appsync_function.Test1.Function_id,\n\t\t\t\t\taws_appsync_function.Test2.Function_id,\n\t\t\t\t\taws_appsync_function.Test3.Function_id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.appsync.GraphQLApi;\nimport com.pulumi.aws.appsync.GraphQLApiArgs;\nimport com.pulumi.aws.appsync.DataSource;\nimport com.pulumi.aws.appsync.DataSourceArgs;\nimport com.pulumi.aws.appsync.inputs.DataSourceHttpConfigArgs;\nimport com.pulumi.aws.appsync.Resolver;\nimport com.pulumi.aws.appsync.ResolverArgs;\nimport com.pulumi.aws.appsync.inputs.ResolverCachingConfigArgs;\nimport com.pulumi.aws.appsync.inputs.ResolverPipelineConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testGraphQLApi = new GraphQLApi(\"testGraphQLApi\", GraphQLApiArgs.builder() \n .authenticationType(\"API_KEY\")\n .schema(\"\"\"\ntype Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n \"\"\")\n .build());\n\n var testDataSource = new DataSource(\"testDataSource\", DataSourceArgs.builder() \n .apiId(testGraphQLApi.id())\n .name(\"my_example\")\n .type(\"HTTP\")\n .httpConfig(DataSourceHttpConfigArgs.builder()\n .endpoint(\"http://example.com\")\n .build())\n .build());\n\n var testResolver = new Resolver(\"testResolver\", ResolverArgs.builder() \n .apiId(testGraphQLApi.id())\n .field(\"singlePost\")\n .type(\"Query\")\n .dataSource(testDataSource.name())\n .requestTemplate(\"\"\"\n{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n \"\"\")\n .responseTemplate(\"\"\"\n#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n \"\"\")\n .cachingConfig(ResolverCachingConfigArgs.builder()\n .cachingKeys( \n \"$context.identity.sub\",\n \"$context.arguments.id\")\n .ttl(60)\n .build())\n .build());\n\n var mutationPipelineTest = new Resolver(\"mutationPipelineTest\", ResolverArgs.builder() \n .type(\"Mutation\")\n .apiId(testGraphQLApi.id())\n .field(\"pipelineTest\")\n .requestTemplate(\"{}\")\n .responseTemplate(\"$util.toJson($ctx.result)\")\n .kind(\"PIPELINE\")\n .pipelineConfig(ResolverPipelineConfigArgs.builder()\n .functions( \n aws_appsync_function.test1().function_id(),\n aws_appsync_function.test2().function_id(),\n aws_appsync_function.test3().function_id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testGraphQLApi:\n type: aws:appsync:GraphQLApi\n properties:\n authenticationType: API_KEY\n schema: |\n type Mutation {\n \tputPost(id: ID!, title: String!): Post\n }\n\n type Post {\n \tid: ID!\n \ttitle: String!\n }\n\n type Query {\n \tsinglePost(id: ID!): Post\n }\n\n schema {\n \tquery: Query\n \tmutation: Mutation\n }\n testDataSource:\n type: aws:appsync:DataSource\n properties:\n apiId: ${testGraphQLApi.id}\n name: my_example\n type: HTTP\n httpConfig:\n endpoint: http://example.com\n # UNIT type resolver (default)\n testResolver:\n type: aws:appsync:Resolver\n properties:\n apiId: ${testGraphQLApi.id}\n field: singlePost\n type: Query\n dataSource: ${testDataSource.name}\n requestTemplate: |\n {\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n }\n responseTemplate: |\n #if($ctx.result.statusCode == 200)\n $ctx.result.body\n #else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n #end\n cachingConfig:\n cachingKeys:\n - $context.identity.sub\n - $context.arguments.id\n ttl: 60\n # PIPELINE type resolver\n mutationPipelineTest:\n type: aws:appsync:Resolver\n properties:\n type: Mutation\n apiId: ${testGraphQLApi.id}\n field: pipelineTest\n requestTemplate: '{}'\n responseTemplate: $util.toJson($ctx.result)\n kind: PIPELINE\n pipelineConfig:\n functions:\n - ${aws_appsync_function.test1.function_id}\n - ${aws_appsync_function.test2.function_id}\n - ${aws_appsync_function.test3.function_id}\n```\n\n{{% /example %}}\n{{% example %}}\n### JS\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\n\nconst example = new aws.appsync.Resolver(\"example\", {\n type: \"Query\",\n apiId: aws_appsync_graphql_api.test.id,\n field: \"pipelineTest\",\n kind: \"PIPELINE\",\n code: fs.readFileSync(\"some-code-dir\", \"utf8\"),\n runtime: {\n name: \"APPSYNC_JS\",\n runtimeVersion: \"1.0.0\",\n },\n pipelineConfig: {\n functions: [aws_appsync_function.test.function_id],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appsync.Resolver(\"example\",\n type=\"Query\",\n api_id=aws_appsync_graphql_api[\"test\"][\"id\"],\n field=\"pipelineTest\",\n kind=\"PIPELINE\",\n code=(lambda path: open(path).read())(\"some-code-dir\"),\n runtime=aws.appsync.ResolverRuntimeArgs(\n name=\"APPSYNC_JS\",\n runtime_version=\"1.0.0\",\n ),\n pipeline_config=aws.appsync.ResolverPipelineConfigArgs(\n functions=[aws_appsync_function[\"test\"][\"function_id\"]],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.AppSync.Resolver(\"example\", new()\n {\n Type = \"Query\",\n ApiId = aws_appsync_graphql_api.Test.Id,\n Field = \"pipelineTest\",\n Kind = \"PIPELINE\",\n Code = File.ReadAllText(\"some-code-dir\"),\n Runtime = new Aws.AppSync.Inputs.ResolverRuntimeArgs\n {\n Name = \"APPSYNC_JS\",\n RuntimeVersion = \"1.0.0\",\n },\n PipelineConfig = new Aws.AppSync.Inputs.ResolverPipelineConfigArgs\n {\n Functions = new[]\n {\n aws_appsync_function.Test.Function_id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appsync.NewResolver(ctx, \"example\", \u0026appsync.ResolverArgs{\n\t\t\tType: pulumi.String(\"Query\"),\n\t\t\tApiId: pulumi.Any(aws_appsync_graphql_api.Test.Id),\n\t\t\tField: pulumi.String(\"pipelineTest\"),\n\t\t\tKind: pulumi.String(\"PIPELINE\"),\n\t\t\tCode: readFileOrPanic(\"some-code-dir\"),\n\t\t\tRuntime: \u0026appsync.ResolverRuntimeArgs{\n\t\t\t\tName: pulumi.String(\"APPSYNC_JS\"),\n\t\t\t\tRuntimeVersion: pulumi.String(\"1.0.0\"),\n\t\t\t},\n\t\t\tPipelineConfig: \u0026appsync.ResolverPipelineConfigArgs{\n\t\t\t\tFunctions: pulumi.StringArray{\n\t\t\t\t\taws_appsync_function.Test.Function_id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.appsync.Resolver;\nimport com.pulumi.aws.appsync.ResolverArgs;\nimport com.pulumi.aws.appsync.inputs.ResolverRuntimeArgs;\nimport com.pulumi.aws.appsync.inputs.ResolverPipelineConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Resolver(\"example\", ResolverArgs.builder() \n .type(\"Query\")\n .apiId(aws_appsync_graphql_api.test().id())\n .field(\"pipelineTest\")\n .kind(\"PIPELINE\")\n .code(Files.readString(Paths.get(\"some-code-dir\")))\n .runtime(ResolverRuntimeArgs.builder()\n .name(\"APPSYNC_JS\")\n .runtimeVersion(\"1.0.0\")\n .build())\n .pipelineConfig(ResolverPipelineConfigArgs.builder()\n .functions(aws_appsync_function.test().function_id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:appsync:Resolver\n properties:\n type: Query\n apiId: ${aws_appsync_graphql_api.test.id}\n field: pipelineTest\n kind: PIPELINE\n code:\n fn::readFile: some-code-dir\n runtime:\n name: APPSYNC_JS\n runtimeVersion: 1.0.0\n pipelineConfig:\n functions:\n - ${aws_appsync_function.test.function_id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import `aws_appsync_resolver` using the `api_id`, a hyphen, `type`, a hypen and `field`. For example:\n\n```sh\n $ pulumi import aws:appsync/resolver:Resolver example abcdef123456-exampleType-exampleField\n```\n ", + "description": "Provides an AppSync Resolver.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testGraphQLApi = new aws.appsync.GraphQLApi(\"testGraphQLApi\", {\n authenticationType: \"API_KEY\",\n schema: `type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n`,\n});\nconst testDataSource = new aws.appsync.DataSource(\"testDataSource\", {\n apiId: testGraphQLApi.id,\n name: \"my_example\",\n type: \"HTTP\",\n httpConfig: {\n endpoint: \"http://example.com\",\n },\n});\n// UNIT type resolver (default)\nconst testResolver = new aws.appsync.Resolver(\"testResolver\", {\n apiId: testGraphQLApi.id,\n field: \"singlePost\",\n type: \"Query\",\n dataSource: testDataSource.name,\n requestTemplate: `{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n`,\n responseTemplate: `#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n`,\n cachingConfig: {\n cachingKeys: [\n \"$context.identity.sub\",\n \"$context.arguments.id\",\n ],\n ttl: 60,\n },\n});\n// PIPELINE type resolver\nconst mutationPipelineTest = new aws.appsync.Resolver(\"mutationPipelineTest\", {\n type: \"Mutation\",\n apiId: testGraphQLApi.id,\n field: \"pipelineTest\",\n requestTemplate: \"{}\",\n responseTemplate: \"$util.toJson($ctx.result)\",\n kind: \"PIPELINE\",\n pipelineConfig: {\n functions: [\n aws_appsync_function.test1.function_id,\n aws_appsync_function.test2.function_id,\n aws_appsync_function.test3.function_id,\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_graph_ql_api = aws.appsync.GraphQLApi(\"testGraphQLApi\",\n authentication_type=\"API_KEY\",\n schema=\"\"\"type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n\"\"\")\ntest_data_source = aws.appsync.DataSource(\"testDataSource\",\n api_id=test_graph_ql_api.id,\n name=\"my_example\",\n type=\"HTTP\",\n http_config=aws.appsync.DataSourceHttpConfigArgs(\n endpoint=\"http://example.com\",\n ))\n# UNIT type resolver (default)\ntest_resolver = aws.appsync.Resolver(\"testResolver\",\n api_id=test_graph_ql_api.id,\n field=\"singlePost\",\n type=\"Query\",\n data_source=test_data_source.name,\n request_template=\"\"\"{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n\"\"\",\n response_template=\"\"\"#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n\"\"\",\n caching_config=aws.appsync.ResolverCachingConfigArgs(\n caching_keys=[\n \"$context.identity.sub\",\n \"$context.arguments.id\",\n ],\n ttl=60,\n ))\n# PIPELINE type resolver\nmutation_pipeline_test = aws.appsync.Resolver(\"mutationPipelineTest\",\n type=\"Mutation\",\n api_id=test_graph_ql_api.id,\n field=\"pipelineTest\",\n request_template=\"{}\",\n response_template=\"$util.toJson($ctx.result)\",\n kind=\"PIPELINE\",\n pipeline_config=aws.appsync.ResolverPipelineConfigArgs(\n functions=[\n aws_appsync_function[\"test1\"][\"function_id\"],\n aws_appsync_function[\"test2\"][\"function_id\"],\n aws_appsync_function[\"test3\"][\"function_id\"],\n ],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testGraphQLApi = new Aws.AppSync.GraphQLApi(\"testGraphQLApi\", new()\n {\n AuthenticationType = \"API_KEY\",\n Schema = @\"type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n\",\n });\n\n var testDataSource = new Aws.AppSync.DataSource(\"testDataSource\", new()\n {\n ApiId = testGraphQLApi.Id,\n Name = \"my_example\",\n Type = \"HTTP\",\n HttpConfig = new Aws.AppSync.Inputs.DataSourceHttpConfigArgs\n {\n Endpoint = \"http://example.com\",\n },\n });\n\n // UNIT type resolver (default)\n var testResolver = new Aws.AppSync.Resolver(\"testResolver\", new()\n {\n ApiId = testGraphQLApi.Id,\n Field = \"singlePost\",\n Type = \"Query\",\n DataSource = testDataSource.Name,\n RequestTemplate = @\"{\n \"\"version\"\": \"\"2018-05-29\"\",\n \"\"method\"\": \"\"GET\"\",\n \"\"resourcePath\"\": \"\"/\"\",\n \"\"params\"\":{\n \"\"headers\"\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n\",\n ResponseTemplate = @\"#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n\",\n CachingConfig = new Aws.AppSync.Inputs.ResolverCachingConfigArgs\n {\n CachingKeys = new[]\n {\n \"$context.identity.sub\",\n \"$context.arguments.id\",\n },\n Ttl = 60,\n },\n });\n\n // PIPELINE type resolver\n var mutationPipelineTest = new Aws.AppSync.Resolver(\"mutationPipelineTest\", new()\n {\n Type = \"Mutation\",\n ApiId = testGraphQLApi.Id,\n Field = \"pipelineTest\",\n RequestTemplate = \"{}\",\n ResponseTemplate = \"$util.toJson($ctx.result)\",\n Kind = \"PIPELINE\",\n PipelineConfig = new Aws.AppSync.Inputs.ResolverPipelineConfigArgs\n {\n Functions = new[]\n {\n aws_appsync_function.Test1.Function_id,\n aws_appsync_function.Test2.Function_id,\n aws_appsync_function.Test3.Function_id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestGraphQLApi, err := appsync.NewGraphQLApi(ctx, \"testGraphQLApi\", \u0026appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t\tSchema: pulumi.String(`type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n`),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestDataSource, err := appsync.NewDataSource(ctx, \"testDataSource\", \u0026appsync.DataSourceArgs{\n\t\t\tApiId: testGraphQLApi.ID(),\n\t\t\tName: pulumi.String(\"my_example\"),\n\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t\tHttpConfig: \u0026appsync.DataSourceHttpConfigArgs{\n\t\t\t\tEndpoint: pulumi.String(\"http://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// UNIT type resolver (default)\n\t\t_, err = appsync.NewResolver(ctx, \"testResolver\", \u0026appsync.ResolverArgs{\n\t\t\tApiId: testGraphQLApi.ID(),\n\t\t\tField: pulumi.String(\"singlePost\"),\n\t\t\tType: pulumi.String(\"Query\"),\n\t\t\tDataSource: testDataSource.Name,\n\t\t\tRequestTemplate: pulumi.String(`{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n`),\n\t\t\tResponseTemplate: pulumi.String(`#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n`),\n\t\t\tCachingConfig: \u0026appsync.ResolverCachingConfigArgs{\n\t\t\t\tCachingKeys: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"$context.identity.sub\"),\n\t\t\t\t\tpulumi.String(\"$context.arguments.id\"),\n\t\t\t\t},\n\t\t\t\tTtl: pulumi.Int(60),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// PIPELINE type resolver\n\t\t_, err = appsync.NewResolver(ctx, \"mutationPipelineTest\", \u0026appsync.ResolverArgs{\n\t\t\tType: pulumi.String(\"Mutation\"),\n\t\t\tApiId: testGraphQLApi.ID(),\n\t\t\tField: pulumi.String(\"pipelineTest\"),\n\t\t\tRequestTemplate: pulumi.String(\"{}\"),\n\t\t\tResponseTemplate: pulumi.String(\"$util.toJson($ctx.result)\"),\n\t\t\tKind: pulumi.String(\"PIPELINE\"),\n\t\t\tPipelineConfig: \u0026appsync.ResolverPipelineConfigArgs{\n\t\t\t\tFunctions: pulumi.StringArray{\n\t\t\t\t\taws_appsync_function.Test1.Function_id,\n\t\t\t\t\taws_appsync_function.Test2.Function_id,\n\t\t\t\t\taws_appsync_function.Test3.Function_id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.appsync.GraphQLApi;\nimport com.pulumi.aws.appsync.GraphQLApiArgs;\nimport com.pulumi.aws.appsync.DataSource;\nimport com.pulumi.aws.appsync.DataSourceArgs;\nimport com.pulumi.aws.appsync.inputs.DataSourceHttpConfigArgs;\nimport com.pulumi.aws.appsync.Resolver;\nimport com.pulumi.aws.appsync.ResolverArgs;\nimport com.pulumi.aws.appsync.inputs.ResolverCachingConfigArgs;\nimport com.pulumi.aws.appsync.inputs.ResolverPipelineConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testGraphQLApi = new GraphQLApi(\"testGraphQLApi\", GraphQLApiArgs.builder() \n .authenticationType(\"API_KEY\")\n .schema(\"\"\"\ntype Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n \"\"\")\n .build());\n\n var testDataSource = new DataSource(\"testDataSource\", DataSourceArgs.builder() \n .apiId(testGraphQLApi.id())\n .name(\"my_example\")\n .type(\"HTTP\")\n .httpConfig(DataSourceHttpConfigArgs.builder()\n .endpoint(\"http://example.com\")\n .build())\n .build());\n\n var testResolver = new Resolver(\"testResolver\", ResolverArgs.builder() \n .apiId(testGraphQLApi.id())\n .field(\"singlePost\")\n .type(\"Query\")\n .dataSource(testDataSource.name())\n .requestTemplate(\"\"\"\n{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n \"\"\")\n .responseTemplate(\"\"\"\n#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n \"\"\")\n .cachingConfig(ResolverCachingConfigArgs.builder()\n .cachingKeys( \n \"$context.identity.sub\",\n \"$context.arguments.id\")\n .ttl(60)\n .build())\n .build());\n\n var mutationPipelineTest = new Resolver(\"mutationPipelineTest\", ResolverArgs.builder() \n .type(\"Mutation\")\n .apiId(testGraphQLApi.id())\n .field(\"pipelineTest\")\n .requestTemplate(\"{}\")\n .responseTemplate(\"$util.toJson($ctx.result)\")\n .kind(\"PIPELINE\")\n .pipelineConfig(ResolverPipelineConfigArgs.builder()\n .functions( \n aws_appsync_function.test1().function_id(),\n aws_appsync_function.test2().function_id(),\n aws_appsync_function.test3().function_id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testGraphQLApi:\n type: aws:appsync:GraphQLApi\n properties:\n authenticationType: API_KEY\n schema: |\n type Mutation {\n \tputPost(id: ID!, title: String!): Post\n }\n\n type Post {\n \tid: ID!\n \ttitle: String!\n }\n\n type Query {\n \tsinglePost(id: ID!): Post\n }\n\n schema {\n \tquery: Query\n \tmutation: Mutation\n }\n testDataSource:\n type: aws:appsync:DataSource\n properties:\n apiId: ${testGraphQLApi.id}\n name: my_example\n type: HTTP\n httpConfig:\n endpoint: http://example.com\n # UNIT type resolver (default)\n testResolver:\n type: aws:appsync:Resolver\n properties:\n apiId: ${testGraphQLApi.id}\n field: singlePost\n type: Query\n dataSource: ${testDataSource.name}\n requestTemplate: |\n {\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n }\n responseTemplate: |\n #if($ctx.result.statusCode == 200)\n $ctx.result.body\n #else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n #end\n cachingConfig:\n cachingKeys:\n - $context.identity.sub\n - $context.arguments.id\n ttl: 60\n # PIPELINE type resolver\n mutationPipelineTest:\n type: aws:appsync:Resolver\n properties:\n type: Mutation\n apiId: ${testGraphQLApi.id}\n field: pipelineTest\n requestTemplate: '{}'\n responseTemplate: $util.toJson($ctx.result)\n kind: PIPELINE\n pipelineConfig:\n functions:\n - ${aws_appsync_function.test1.function_id}\n - ${aws_appsync_function.test2.function_id}\n - ${aws_appsync_function.test3.function_id}\n```\n\n{{% /example %}}\n{{% example %}}\n### JS\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\n\nconst example = new aws.appsync.Resolver(\"example\", {\n type: \"Query\",\n apiId: aws_appsync_graphql_api.test.id,\n field: \"pipelineTest\",\n kind: \"PIPELINE\",\n code: fs.readFileSync(\"some-code-dir\", \"utf8\"),\n runtime: {\n name: \"APPSYNC_JS\",\n runtimeVersion: \"1.0.0\",\n },\n pipelineConfig: {\n functions: [aws_appsync_function.test.function_id],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appsync.Resolver(\"example\",\n type=\"Query\",\n api_id=aws_appsync_graphql_api[\"test\"][\"id\"],\n field=\"pipelineTest\",\n kind=\"PIPELINE\",\n code=(lambda path: open(path).read())(\"some-code-dir\"),\n runtime=aws.appsync.ResolverRuntimeArgs(\n name=\"APPSYNC_JS\",\n runtime_version=\"1.0.0\",\n ),\n pipeline_config=aws.appsync.ResolverPipelineConfigArgs(\n functions=[aws_appsync_function[\"test\"][\"function_id\"]],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.AppSync.Resolver(\"example\", new()\n {\n Type = \"Query\",\n ApiId = aws_appsync_graphql_api.Test.Id,\n Field = \"pipelineTest\",\n Kind = \"PIPELINE\",\n Code = File.ReadAllText(\"some-code-dir\"),\n Runtime = new Aws.AppSync.Inputs.ResolverRuntimeArgs\n {\n Name = \"APPSYNC_JS\",\n RuntimeVersion = \"1.0.0\",\n },\n PipelineConfig = new Aws.AppSync.Inputs.ResolverPipelineConfigArgs\n {\n Functions = new[]\n {\n aws_appsync_function.Test.Function_id,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appsync.NewResolver(ctx, \"example\", \u0026appsync.ResolverArgs{\n\t\t\tType: pulumi.String(\"Query\"),\n\t\t\tApiId: pulumi.Any(aws_appsync_graphql_api.Test.Id),\n\t\t\tField: pulumi.String(\"pipelineTest\"),\n\t\t\tKind: pulumi.String(\"PIPELINE\"),\n\t\t\tCode: readFileOrPanic(\"some-code-dir\"),\n\t\t\tRuntime: \u0026appsync.ResolverRuntimeArgs{\n\t\t\t\tName: pulumi.String(\"APPSYNC_JS\"),\n\t\t\t\tRuntimeVersion: pulumi.String(\"1.0.0\"),\n\t\t\t},\n\t\t\tPipelineConfig: \u0026appsync.ResolverPipelineConfigArgs{\n\t\t\t\tFunctions: pulumi.StringArray{\n\t\t\t\t\taws_appsync_function.Test.Function_id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.appsync.Resolver;\nimport com.pulumi.aws.appsync.ResolverArgs;\nimport com.pulumi.aws.appsync.inputs.ResolverRuntimeArgs;\nimport com.pulumi.aws.appsync.inputs.ResolverPipelineConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Resolver(\"example\", ResolverArgs.builder() \n .type(\"Query\")\n .apiId(aws_appsync_graphql_api.test().id())\n .field(\"pipelineTest\")\n .kind(\"PIPELINE\")\n .code(Files.readString(Paths.get(\"some-code-dir\")))\n .runtime(ResolverRuntimeArgs.builder()\n .name(\"APPSYNC_JS\")\n .runtimeVersion(\"1.0.0\")\n .build())\n .pipelineConfig(ResolverPipelineConfigArgs.builder()\n .functions(aws_appsync_function.test().function_id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:appsync:Resolver\n properties:\n type: Query\n apiId: ${aws_appsync_graphql_api.test.id}\n field: pipelineTest\n kind: PIPELINE\n code:\n fn::readFile: some-code-dir\n runtime:\n name: APPSYNC_JS\n runtimeVersion: 1.0.0\n pipelineConfig:\n functions:\n - ${aws_appsync_function.test.function_id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import `aws_appsync_resolver` using the `api_id`, a hyphen, `type`, a hypen and `field`. For example:\n\n```sh\n $ pulumi import aws:appsync/resolver:Resolver example abcdef123456-exampleType-exampleField\n```\n ", "properties": { "apiId": { "type": "string", @@ -168139,7 +168139,7 @@ } }, "aws:autoscaling/attachment:Attachment": { - "description": "Attaches a load balancer to an Auto Scaling group.\n\n\u003e **NOTE on Auto Scaling Groups, Attachments and Traffic Source Attachments:** Pulumi provides standalone Attachment (for attaching Classic Load Balancers and Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target groups) and Traffic Source Attachment (for attaching Load Balancers and VPC Lattice target groups) resources and an Auto Scaling Group resource with `load_balancers`, `target_group_arns` and `traffic_source` attributes. Do not use the same traffic source in more than one of these resources. Doing so will cause a conflict of attachments. A `lifecycle` configuration block can be used to suppress differences if necessary.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer attachment\nconst example = new aws.autoscaling.Attachment(\"example\", {\n autoscalingGroupName: aws_autoscaling_group.example.id,\n elb: aws_elb.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer attachment\nexample = aws.autoscaling.Attachment(\"example\",\n autoscaling_group_name=aws_autoscaling_group[\"example\"][\"id\"],\n elb=aws_elb[\"example\"][\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new load balancer attachment\n var example = new Aws.AutoScaling.Attachment(\"example\", new()\n {\n AutoscalingGroupName = aws_autoscaling_group.Example.Id,\n Elb = aws_elb.Example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := autoscaling.NewAttachment(ctx, \"example\", \u0026autoscaling.AttachmentArgs{\n\t\t\tAutoscalingGroupName: pulumi.Any(aws_autoscaling_group.Example.Id),\n\t\t\tElb: pulumi.Any(aws_elb.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.autoscaling.Attachment;\nimport com.pulumi.aws.autoscaling.AttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Attachment(\"example\", AttachmentArgs.builder() \n .autoscalingGroupName(aws_autoscaling_group.example().id())\n .elb(aws_elb.example().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new load balancer attachment\n example:\n type: aws:autoscaling:Attachment\n properties:\n autoscalingGroupName: ${aws_autoscaling_group.example.id}\n elb: ${aws_elb.example.id}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new ALB Target Group attachment\nconst example = new aws.autoscaling.Attachment(\"example\", {\n autoscalingGroupName: aws_autoscaling_group.example.id,\n lbTargetGroupArn: aws_lb_target_group.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new ALB Target Group attachment\nexample = aws.autoscaling.Attachment(\"example\",\n autoscaling_group_name=aws_autoscaling_group[\"example\"][\"id\"],\n lb_target_group_arn=aws_lb_target_group[\"example\"][\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new ALB Target Group attachment\n var example = new Aws.AutoScaling.Attachment(\"example\", new()\n {\n AutoscalingGroupName = aws_autoscaling_group.Example.Id,\n LbTargetGroupArn = aws_lb_target_group.Example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := autoscaling.NewAttachment(ctx, \"example\", \u0026autoscaling.AttachmentArgs{\n\t\t\tAutoscalingGroupName: pulumi.Any(aws_autoscaling_group.Example.Id),\n\t\t\tLbTargetGroupArn: pulumi.Any(aws_lb_target_group.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.autoscaling.Attachment;\nimport com.pulumi.aws.autoscaling.AttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Attachment(\"example\", AttachmentArgs.builder() \n .autoscalingGroupName(aws_autoscaling_group.example().id())\n .lbTargetGroupArn(aws_lb_target_group.example().arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new ALB Target Group attachment\n example:\n type: aws:autoscaling:Attachment\n properties:\n autoscalingGroupName: ${aws_autoscaling_group.example.id}\n lbTargetGroupArn: ${aws_lb_target_group.example.arn}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Attaches a load balancer to an Auto Scaling group.\n\n\u003e **NOTE on Auto Scaling Groups, Attachments and Traffic Source Attachments:** Pulumi provides standalone Attachment (for attaching Classic Load Balancers and Application Load Balancer, Gateway Load Balancer, or Network Load Balancer target groups) and Traffic Source Attachment (for attaching Load Balancers and VPC Lattice target groups) resources and an Auto Scaling Group resource with `load_balancers`, `target_group_arns` and `traffic_source` attributes. Do not use the same traffic source in more than one of these resources. Doing so will cause a conflict of attachments. A `lifecycle` configuration block can be used to suppress differences if necessary.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer attachment\nconst example = new aws.autoscaling.Attachment(\"example\", {\n autoscalingGroupName: aws_autoscaling_group.example.id,\n elb: aws_elb.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer attachment\nexample = aws.autoscaling.Attachment(\"example\",\n autoscaling_group_name=aws_autoscaling_group[\"example\"][\"id\"],\n elb=aws_elb[\"example\"][\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new load balancer attachment\n var example = new Aws.AutoScaling.Attachment(\"example\", new()\n {\n AutoscalingGroupName = aws_autoscaling_group.Example.Id,\n Elb = aws_elb.Example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new load balancer attachment\n\t\t_, err := autoscaling.NewAttachment(ctx, \"example\", \u0026autoscaling.AttachmentArgs{\n\t\t\tAutoscalingGroupName: pulumi.Any(aws_autoscaling_group.Example.Id),\n\t\t\tElb: pulumi.Any(aws_elb.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.autoscaling.Attachment;\nimport com.pulumi.aws.autoscaling.AttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Attachment(\"example\", AttachmentArgs.builder() \n .autoscalingGroupName(aws_autoscaling_group.example().id())\n .elb(aws_elb.example().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new load balancer attachment\n example:\n type: aws:autoscaling:Attachment\n properties:\n autoscalingGroupName: ${aws_autoscaling_group.example.id}\n elb: ${aws_elb.example.id}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new ALB Target Group attachment\nconst example = new aws.autoscaling.Attachment(\"example\", {\n autoscalingGroupName: aws_autoscaling_group.example.id,\n lbTargetGroupArn: aws_lb_target_group.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new ALB Target Group attachment\nexample = aws.autoscaling.Attachment(\"example\",\n autoscaling_group_name=aws_autoscaling_group[\"example\"][\"id\"],\n lb_target_group_arn=aws_lb_target_group[\"example\"][\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new ALB Target Group attachment\n var example = new Aws.AutoScaling.Attachment(\"example\", new()\n {\n AutoscalingGroupName = aws_autoscaling_group.Example.Id,\n LbTargetGroupArn = aws_lb_target_group.Example.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new ALB Target Group attachment\n\t\t_, err := autoscaling.NewAttachment(ctx, \"example\", \u0026autoscaling.AttachmentArgs{\n\t\t\tAutoscalingGroupName: pulumi.Any(aws_autoscaling_group.Example.Id),\n\t\t\tLbTargetGroupArn: pulumi.Any(aws_lb_target_group.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.autoscaling.Attachment;\nimport com.pulumi.aws.autoscaling.AttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Attachment(\"example\", AttachmentArgs.builder() \n .autoscalingGroupName(aws_autoscaling_group.example().id())\n .lbTargetGroupArn(aws_lb_target_group.example().arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new ALB Target Group attachment\n example:\n type: aws:autoscaling:Attachment\n properties:\n autoscalingGroupName: ${aws_autoscaling_group.example.id}\n lbTargetGroupArn: ${aws_lb_target_group.example.arn}\n```\n{{% /example %}}\n{{% /examples %}}", "properties": { "autoscalingGroupName": { "type": "string", @@ -170153,7 +170153,7 @@ } }, "aws:backup/selection:Selection": { - "description": "Manages selection conditions for AWS Backup plan resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### IAM Role\n\n\u003e For more information about creating and managing IAM Roles for backups and restores, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html).\n\nThe below example creates an IAM role with the default managed IAM Policy for allowing AWS Backup to create backups.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"backup.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n role: exampleRole.name,\n});\n// ... other configuration ...\nconst exampleSelection = new aws.backup.Selection(\"exampleSelection\", {iamRoleArn: exampleRole.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"backup.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=assume_role.json)\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n role=example_role.name)\n# ... other configuration ...\nexample_selection = aws.backup.Selection(\"exampleSelection\", iam_role_arn=example_role.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"backup.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n Role = exampleRole.Name,\n });\n\n // ... other configuration ...\n var exampleSelection = new Aws.Backup.Selection(\"exampleSelection\", new()\n {\n IamRoleArn = exampleRole.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"backup.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"exampleRolePolicyAttachment\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\"),\n\t\t\tRole: exampleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = backup.NewSelection(ctx, \"exampleSelection\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: exampleRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"backup.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\")\n .role(exampleRole.name())\n .build());\n\n var exampleSelection = new Selection(\"exampleSelection\", SelectionArgs.builder() \n .iamRoleArn(exampleRole.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\n role: ${exampleRole.name}\n exampleSelection:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${exampleRole.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - backup.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n{{% /example %}}\n{{% example %}}\n### Selecting Backups By Tag\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: aws_iam_role.example.arn,\n planId: aws_backup_plan.example.id,\n selectionTags: [{\n type: \"STRINGEQUALS\",\n key: \"foo\",\n value: \"bar\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=aws_iam_role[\"example\"][\"arn\"],\n plan_id=aws_backup_plan[\"example\"][\"id\"],\n selection_tags=[aws.backup.SelectionSelectionTagArgs(\n type=\"STRINGEQUALS\",\n key=\"foo\",\n value=\"bar\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = aws_iam_role.Example.Arn,\n PlanId = aws_backup_plan.Example.Id,\n SelectionTags = new[]\n {\n new Aws.Backup.Inputs.SelectionSelectionTagArgs\n {\n Type = \"STRINGEQUALS\",\n Key = \"foo\",\n Value = \"bar\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tPlanId: pulumi.Any(aws_backup_plan.Example.Id),\n\t\t\tSelectionTags: backup.SelectionSelectionTagArray{\n\t\t\t\t\u0026backup.SelectionSelectionTagArgs{\n\t\t\t\t\tType: pulumi.String(\"STRINGEQUALS\"),\n\t\t\t\t\tKey: pulumi.String(\"foo\"),\n\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport com.pulumi.aws.backup.inputs.SelectionSelectionTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(aws_iam_role.example().arn())\n .planId(aws_backup_plan.example().id())\n .selectionTags(SelectionSelectionTagArgs.builder()\n .type(\"STRINGEQUALS\")\n .key(\"foo\")\n .value(\"bar\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${aws_iam_role.example.arn}\n planId: ${aws_backup_plan.example.id}\n selectionTags:\n - type: STRINGEQUALS\n key: foo\n value: bar\n```\n{{% /example %}}\n{{% example %}}\n### Selecting Backups By Conditions\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: aws_iam_role.example.arn,\n planId: aws_backup_plan.example.id,\n resources: [\"*\"],\n conditions: [{\n stringEquals: [{\n key: \"aws:ResourceTag/Component\",\n value: \"rds\",\n }],\n stringLikes: [{\n key: \"aws:ResourceTag/Application\",\n value: \"app*\",\n }],\n stringNotEquals: [{\n key: \"aws:ResourceTag/Backup\",\n value: \"false\",\n }],\n stringNotLikes: [{\n key: \"aws:ResourceTag/Environment\",\n value: \"test*\",\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=aws_iam_role[\"example\"][\"arn\"],\n plan_id=aws_backup_plan[\"example\"][\"id\"],\n resources=[\"*\"],\n conditions=[aws.backup.SelectionConditionArgs(\n string_equals=[aws.backup.SelectionConditionStringEqualArgs(\n key=\"aws:ResourceTag/Component\",\n value=\"rds\",\n )],\n string_likes=[aws.backup.SelectionConditionStringLikeArgs(\n key=\"aws:ResourceTag/Application\",\n value=\"app*\",\n )],\n string_not_equals=[aws.backup.SelectionConditionStringNotEqualArgs(\n key=\"aws:ResourceTag/Backup\",\n value=\"false\",\n )],\n string_not_likes=[aws.backup.SelectionConditionStringNotLikeArgs(\n key=\"aws:ResourceTag/Environment\",\n value=\"test*\",\n )],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = aws_iam_role.Example.Arn,\n PlanId = aws_backup_plan.Example.Id,\n Resources = new[]\n {\n \"*\",\n },\n Conditions = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionArgs\n {\n StringEquals = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringEqualArgs\n {\n Key = \"aws:ResourceTag/Component\",\n Value = \"rds\",\n },\n },\n StringLikes = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringLikeArgs\n {\n Key = \"aws:ResourceTag/Application\",\n Value = \"app*\",\n },\n },\n StringNotEquals = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringNotEqualArgs\n {\n Key = \"aws:ResourceTag/Backup\",\n Value = \"false\",\n },\n },\n StringNotLikes = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringNotLikeArgs\n {\n Key = \"aws:ResourceTag/Environment\",\n Value = \"test*\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tPlanId: pulumi.Any(aws_backup_plan.Example.Id),\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"*\"),\n\t\t\t},\n\t\t\tConditions: backup.SelectionConditionArray{\n\t\t\t\t\u0026backup.SelectionConditionArgs{\n\t\t\t\t\tStringEquals: backup.SelectionConditionStringEqualArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringEqualArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Component\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"rds\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringLikes: backup.SelectionConditionStringLikeArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringLikeArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Application\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"app*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringNotEquals: backup.SelectionConditionStringNotEqualArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringNotEqualArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Backup\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"false\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringNotLikes: backup.SelectionConditionStringNotLikeArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringNotLikeArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Environment\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"test*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport com.pulumi.aws.backup.inputs.SelectionConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(aws_iam_role.example().arn())\n .planId(aws_backup_plan.example().id())\n .resources(\"*\")\n .conditions(SelectionConditionArgs.builder()\n .stringEquals(SelectionConditionStringEqualArgs.builder()\n .key(\"aws:ResourceTag/Component\")\n .value(\"rds\")\n .build())\n .stringLikes(SelectionConditionStringLikeArgs.builder()\n .key(\"aws:ResourceTag/Application\")\n .value(\"app*\")\n .build())\n .stringNotEquals(SelectionConditionStringNotEqualArgs.builder()\n .key(\"aws:ResourceTag/Backup\")\n .value(\"false\")\n .build())\n .stringNotLikes(SelectionConditionStringNotLikeArgs.builder()\n .key(\"aws:ResourceTag/Environment\")\n .value(\"test*\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${aws_iam_role.example.arn}\n planId: ${aws_backup_plan.example.id}\n resources:\n - '*'\n conditions:\n - stringEquals:\n - key: aws:ResourceTag/Component\n value: rds\n stringLikes:\n - key: aws:ResourceTag/Application\n value: app*\n stringNotEquals:\n - key: aws:ResourceTag/Backup\n value: 'false'\n stringNotLikes:\n - key: aws:ResourceTag/Environment\n value: test*\n```\n{{% /example %}}\n{{% example %}}\n### Selecting Backups By Resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: aws_iam_role.example.arn,\n planId: aws_backup_plan.example.id,\n resources: [\n aws_db_instance.example.arn,\n aws_ebs_volume.example.arn,\n aws_efs_file_system.example.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=aws_iam_role[\"example\"][\"arn\"],\n plan_id=aws_backup_plan[\"example\"][\"id\"],\n resources=[\n aws_db_instance[\"example\"][\"arn\"],\n aws_ebs_volume[\"example\"][\"arn\"],\n aws_efs_file_system[\"example\"][\"arn\"],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = aws_iam_role.Example.Arn,\n PlanId = aws_backup_plan.Example.Id,\n Resources = new[]\n {\n aws_db_instance.Example.Arn,\n aws_ebs_volume.Example.Arn,\n aws_efs_file_system.Example.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tPlanId: pulumi.Any(aws_backup_plan.Example.Id),\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\taws_db_instance.Example.Arn,\n\t\t\t\taws_ebs_volume.Example.Arn,\n\t\t\t\taws_efs_file_system.Example.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(aws_iam_role.example().arn())\n .planId(aws_backup_plan.example().id())\n .resources( \n aws_db_instance.example().arn(),\n aws_ebs_volume.example().arn(),\n aws_efs_file_system.example().arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${aws_iam_role.example.arn}\n planId: ${aws_backup_plan.example.id}\n resources:\n - ${aws_db_instance.example.arn}\n - ${aws_ebs_volume.example.arn}\n - ${aws_efs_file_system.example.arn}\n```\n{{% /example %}}\n{{% example %}}\n### Selecting Backups By Not Resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: aws_iam_role.example.arn,\n planId: aws_backup_plan.example.id,\n notResources: [\n aws_db_instance.example.arn,\n aws_ebs_volume.example.arn,\n aws_efs_file_system.example.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=aws_iam_role[\"example\"][\"arn\"],\n plan_id=aws_backup_plan[\"example\"][\"id\"],\n not_resources=[\n aws_db_instance[\"example\"][\"arn\"],\n aws_ebs_volume[\"example\"][\"arn\"],\n aws_efs_file_system[\"example\"][\"arn\"],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = aws_iam_role.Example.Arn,\n PlanId = aws_backup_plan.Example.Id,\n NotResources = new[]\n {\n aws_db_instance.Example.Arn,\n aws_ebs_volume.Example.Arn,\n aws_efs_file_system.Example.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tPlanId: pulumi.Any(aws_backup_plan.Example.Id),\n\t\t\tNotResources: pulumi.StringArray{\n\t\t\t\taws_db_instance.Example.Arn,\n\t\t\t\taws_ebs_volume.Example.Arn,\n\t\t\t\taws_efs_file_system.Example.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(aws_iam_role.example().arn())\n .planId(aws_backup_plan.example().id())\n .notResources( \n aws_db_instance.example().arn(),\n aws_ebs_volume.example().arn(),\n aws_efs_file_system.example().arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${aws_iam_role.example.arn}\n planId: ${aws_backup_plan.example.id}\n notResources:\n - ${aws_db_instance.example.arn}\n - ${aws_ebs_volume.example.arn}\n - ${aws_efs_file_system.example.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Backup selection using the role plan_id and id separated by `|`. For example:\n\n```sh\n $ pulumi import aws:backup/selection:Selection example plan-id|selection-id\n```\n ", + "description": "Manages selection conditions for AWS Backup plan resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### IAM Role\n\n\u003e For more information about creating and managing IAM Roles for backups and restores, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html).\n\nThe below example creates an IAM role with the default managed IAM Policy for allowing AWS Backup to create backups.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"backup.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n role: exampleRole.name,\n});\n// ... other configuration ...\nconst exampleSelection = new aws.backup.Selection(\"exampleSelection\", {iamRoleArn: exampleRole.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"backup.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=assume_role.json)\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n role=example_role.name)\n# ... other configuration ...\nexample_selection = aws.backup.Selection(\"exampleSelection\", iam_role_arn=example_role.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"backup.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n Role = exampleRole.Name,\n });\n\n // ... other configuration ...\n var exampleSelection = new Aws.Backup.Selection(\"exampleSelection\", new()\n {\n IamRoleArn = exampleRole.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"backup.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"exampleRolePolicyAttachment\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\"),\n\t\t\tRole: exampleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ... other configuration ...\n\t\t_, err = backup.NewSelection(ctx, \"exampleSelection\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: exampleRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"backup.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\")\n .role(exampleRole.name())\n .build());\n\n var exampleSelection = new Selection(\"exampleSelection\", SelectionArgs.builder() \n .iamRoleArn(exampleRole.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\n role: ${exampleRole.name}\n exampleSelection:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${exampleRole.arn}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - backup.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n{{% /example %}}\n{{% example %}}\n### Selecting Backups By Tag\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: aws_iam_role.example.arn,\n planId: aws_backup_plan.example.id,\n selectionTags: [{\n type: \"STRINGEQUALS\",\n key: \"foo\",\n value: \"bar\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=aws_iam_role[\"example\"][\"arn\"],\n plan_id=aws_backup_plan[\"example\"][\"id\"],\n selection_tags=[aws.backup.SelectionSelectionTagArgs(\n type=\"STRINGEQUALS\",\n key=\"foo\",\n value=\"bar\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = aws_iam_role.Example.Arn,\n PlanId = aws_backup_plan.Example.Id,\n SelectionTags = new[]\n {\n new Aws.Backup.Inputs.SelectionSelectionTagArgs\n {\n Type = \"STRINGEQUALS\",\n Key = \"foo\",\n Value = \"bar\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tPlanId: pulumi.Any(aws_backup_plan.Example.Id),\n\t\t\tSelectionTags: backup.SelectionSelectionTagArray{\n\t\t\t\t\u0026backup.SelectionSelectionTagArgs{\n\t\t\t\t\tType: pulumi.String(\"STRINGEQUALS\"),\n\t\t\t\t\tKey: pulumi.String(\"foo\"),\n\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport com.pulumi.aws.backup.inputs.SelectionSelectionTagArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(aws_iam_role.example().arn())\n .planId(aws_backup_plan.example().id())\n .selectionTags(SelectionSelectionTagArgs.builder()\n .type(\"STRINGEQUALS\")\n .key(\"foo\")\n .value(\"bar\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${aws_iam_role.example.arn}\n planId: ${aws_backup_plan.example.id}\n selectionTags:\n - type: STRINGEQUALS\n key: foo\n value: bar\n```\n{{% /example %}}\n{{% example %}}\n### Selecting Backups By Conditions\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: aws_iam_role.example.arn,\n planId: aws_backup_plan.example.id,\n resources: [\"*\"],\n conditions: [{\n stringEquals: [{\n key: \"aws:ResourceTag/Component\",\n value: \"rds\",\n }],\n stringLikes: [{\n key: \"aws:ResourceTag/Application\",\n value: \"app*\",\n }],\n stringNotEquals: [{\n key: \"aws:ResourceTag/Backup\",\n value: \"false\",\n }],\n stringNotLikes: [{\n key: \"aws:ResourceTag/Environment\",\n value: \"test*\",\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=aws_iam_role[\"example\"][\"arn\"],\n plan_id=aws_backup_plan[\"example\"][\"id\"],\n resources=[\"*\"],\n conditions=[aws.backup.SelectionConditionArgs(\n string_equals=[aws.backup.SelectionConditionStringEqualArgs(\n key=\"aws:ResourceTag/Component\",\n value=\"rds\",\n )],\n string_likes=[aws.backup.SelectionConditionStringLikeArgs(\n key=\"aws:ResourceTag/Application\",\n value=\"app*\",\n )],\n string_not_equals=[aws.backup.SelectionConditionStringNotEqualArgs(\n key=\"aws:ResourceTag/Backup\",\n value=\"false\",\n )],\n string_not_likes=[aws.backup.SelectionConditionStringNotLikeArgs(\n key=\"aws:ResourceTag/Environment\",\n value=\"test*\",\n )],\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = aws_iam_role.Example.Arn,\n PlanId = aws_backup_plan.Example.Id,\n Resources = new[]\n {\n \"*\",\n },\n Conditions = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionArgs\n {\n StringEquals = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringEqualArgs\n {\n Key = \"aws:ResourceTag/Component\",\n Value = \"rds\",\n },\n },\n StringLikes = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringLikeArgs\n {\n Key = \"aws:ResourceTag/Application\",\n Value = \"app*\",\n },\n },\n StringNotEquals = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringNotEqualArgs\n {\n Key = \"aws:ResourceTag/Backup\",\n Value = \"false\",\n },\n },\n StringNotLikes = new[]\n {\n new Aws.Backup.Inputs.SelectionConditionStringNotLikeArgs\n {\n Key = \"aws:ResourceTag/Environment\",\n Value = \"test*\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tPlanId: pulumi.Any(aws_backup_plan.Example.Id),\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"*\"),\n\t\t\t},\n\t\t\tConditions: backup.SelectionConditionArray{\n\t\t\t\t\u0026backup.SelectionConditionArgs{\n\t\t\t\t\tStringEquals: backup.SelectionConditionStringEqualArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringEqualArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Component\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"rds\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringLikes: backup.SelectionConditionStringLikeArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringLikeArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Application\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"app*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringNotEquals: backup.SelectionConditionStringNotEqualArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringNotEqualArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Backup\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"false\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStringNotLikes: backup.SelectionConditionStringNotLikeArray{\n\t\t\t\t\t\t\u0026backup.SelectionConditionStringNotLikeArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"aws:ResourceTag/Environment\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"test*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport com.pulumi.aws.backup.inputs.SelectionConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(aws_iam_role.example().arn())\n .planId(aws_backup_plan.example().id())\n .resources(\"*\")\n .conditions(SelectionConditionArgs.builder()\n .stringEquals(SelectionConditionStringEqualArgs.builder()\n .key(\"aws:ResourceTag/Component\")\n .value(\"rds\")\n .build())\n .stringLikes(SelectionConditionStringLikeArgs.builder()\n .key(\"aws:ResourceTag/Application\")\n .value(\"app*\")\n .build())\n .stringNotEquals(SelectionConditionStringNotEqualArgs.builder()\n .key(\"aws:ResourceTag/Backup\")\n .value(\"false\")\n .build())\n .stringNotLikes(SelectionConditionStringNotLikeArgs.builder()\n .key(\"aws:ResourceTag/Environment\")\n .value(\"test*\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${aws_iam_role.example.arn}\n planId: ${aws_backup_plan.example.id}\n resources:\n - '*'\n conditions:\n - stringEquals:\n - key: aws:ResourceTag/Component\n value: rds\n stringLikes:\n - key: aws:ResourceTag/Application\n value: app*\n stringNotEquals:\n - key: aws:ResourceTag/Backup\n value: 'false'\n stringNotLikes:\n - key: aws:ResourceTag/Environment\n value: test*\n```\n{{% /example %}}\n{{% example %}}\n### Selecting Backups By Resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: aws_iam_role.example.arn,\n planId: aws_backup_plan.example.id,\n resources: [\n aws_db_instance.example.arn,\n aws_ebs_volume.example.arn,\n aws_efs_file_system.example.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=aws_iam_role[\"example\"][\"arn\"],\n plan_id=aws_backup_plan[\"example\"][\"id\"],\n resources=[\n aws_db_instance[\"example\"][\"arn\"],\n aws_ebs_volume[\"example\"][\"arn\"],\n aws_efs_file_system[\"example\"][\"arn\"],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = aws_iam_role.Example.Arn,\n PlanId = aws_backup_plan.Example.Id,\n Resources = new[]\n {\n aws_db_instance.Example.Arn,\n aws_ebs_volume.Example.Arn,\n aws_efs_file_system.Example.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tPlanId: pulumi.Any(aws_backup_plan.Example.Id),\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\taws_db_instance.Example.Arn,\n\t\t\t\taws_ebs_volume.Example.Arn,\n\t\t\t\taws_efs_file_system.Example.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(aws_iam_role.example().arn())\n .planId(aws_backup_plan.example().id())\n .resources( \n aws_db_instance.example().arn(),\n aws_ebs_volume.example().arn(),\n aws_efs_file_system.example().arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${aws_iam_role.example.arn}\n planId: ${aws_backup_plan.example.id}\n resources:\n - ${aws_db_instance.example.arn}\n - ${aws_ebs_volume.example.arn}\n - ${aws_efs_file_system.example.arn}\n```\n{{% /example %}}\n{{% example %}}\n### Selecting Backups By Not Resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: aws_iam_role.example.arn,\n planId: aws_backup_plan.example.id,\n notResources: [\n aws_db_instance.example.arn,\n aws_ebs_volume.example.arn,\n aws_efs_file_system.example.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=aws_iam_role[\"example\"][\"arn\"],\n plan_id=aws_backup_plan[\"example\"][\"id\"],\n not_resources=[\n aws_db_instance[\"example\"][\"arn\"],\n aws_ebs_volume[\"example\"][\"arn\"],\n aws_efs_file_system[\"example\"][\"arn\"],\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Backup.Selection(\"example\", new()\n {\n IamRoleArn = aws_iam_role.Example.Arn,\n PlanId = aws_backup_plan.Example.Id,\n NotResources = new[]\n {\n aws_db_instance.Example.Arn,\n aws_ebs_volume.Example.Arn,\n aws_efs_file_system.Example.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", \u0026backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tPlanId: pulumi.Any(aws_backup_plan.Example.Id),\n\t\t\tNotResources: pulumi.StringArray{\n\t\t\t\taws_db_instance.Example.Arn,\n\t\t\t\taws_ebs_volume.Example.Arn,\n\t\t\t\taws_efs_file_system.Example.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.backup.Selection;\nimport com.pulumi.aws.backup.SelectionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Selection(\"example\", SelectionArgs.builder() \n .iamRoleArn(aws_iam_role.example().arn())\n .planId(aws_backup_plan.example().id())\n .notResources( \n aws_db_instance.example().arn(),\n aws_ebs_volume.example().arn(),\n aws_efs_file_system.example().arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:backup:Selection\n properties:\n iamRoleArn: ${aws_iam_role.example.arn}\n planId: ${aws_backup_plan.example.id}\n notResources:\n - ${aws_db_instance.example.arn}\n - ${aws_ebs_volume.example.arn}\n - ${aws_efs_file_system.example.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Backup selection using the role plan_id and id separated by `|`. For example:\n\n```sh\n $ pulumi import aws:backup/selection:Selection example plan-id|selection-id\n```\n ", "properties": { "conditions": { "type": "array", @@ -173458,7 +173458,7 @@ } }, "aws:cfg/rule:Rule": { - "description": "Provides an AWS Config Rule.\n\n\u003e **Note:** Config Rule requires an existing Configuration Recorder to be present. Use of `depends_on` is recommended (as shown below) to avoid race conditions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### AWS Managed Rules\n\nAWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst foo = new aws.cfg.Recorder(\"foo\", {roleArn: role.arn});\nconst rule = new aws.cfg.Rule(\"rule\", {source: {\n owner: \"AWS\",\n sourceIdentifier: \"S3_BUCKET_VERSIONING_ENABLED\",\n}}, {\n dependsOn: [foo],\n});\nconst policyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"config:Put*\"],\n resources: [\"*\"],\n }],\n});\nconst rolePolicy = new aws.iam.RolePolicy(\"rolePolicy\", {\n role: role.id,\n policy: policyDocument.then(policyDocument =\u003e policyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\", assume_role_policy=assume_role.json)\nfoo = aws.cfg.Recorder(\"foo\", role_arn=role.arn)\nrule = aws.cfg.Rule(\"rule\", source=aws.cfg.RuleSourceArgs(\n owner=\"AWS\",\n source_identifier=\"S3_BUCKET_VERSIONING_ENABLED\",\n),\nopts=pulumi.ResourceOptions(depends_on=[foo]))\npolicy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"config:Put*\"],\n resources=[\"*\"],\n)])\nrole_policy = aws.iam.RolePolicy(\"rolePolicy\",\n role=role.id,\n policy=policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = new Aws.Cfg.Recorder(\"foo\", new()\n {\n RoleArn = role.Arn,\n });\n\n var rule = new Aws.Cfg.Rule(\"rule\", new()\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"AWS\",\n SourceIdentifier = \"S3_BUCKET_VERSIONING_ENABLED\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n foo,\n },\n });\n\n var policyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"config:Put*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var rolePolicy = new Aws.Iam.RolePolicy(\"rolePolicy\", new()\n {\n Role = role.Id,\n Policy = policyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tRoleArn: role.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRule(ctx, \"rule\", \u0026cfg.RuleArgs{\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\tSourceIdentifier: pulumi.String(\"S3_BUCKET_VERSIONING_ENABLED\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfoo,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"config:Put*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"rolePolicy\", \u0026iam.RolePolicyArgs{\n\t\t\tRole: role.ID(),\n\t\t\tPolicy: *pulumi.String(policyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var foo = new Recorder(\"foo\", RecorderArgs.builder() \n .roleArn(role.arn())\n .build());\n\n var rule = new Rule(\"rule\", RuleArgs.builder() \n .source(RuleSourceArgs.builder()\n .owner(\"AWS\")\n .sourceIdentifier(\"S3_BUCKET_VERSIONING_ENABLED\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(foo)\n .build());\n\n final var policyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"config:Put*\")\n .resources(\"*\")\n .build())\n .build());\n\n var rolePolicy = new RolePolicy(\"rolePolicy\", RolePolicyArgs.builder() \n .role(role.id())\n .policy(policyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n rule:\n type: aws:cfg:Rule\n properties:\n source:\n owner: AWS\n sourceIdentifier: S3_BUCKET_VERSIONING_ENABLED\n options:\n dependson:\n - ${foo}\n foo:\n type: aws:cfg:Recorder\n properties:\n roleArn: ${role.arn}\n role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n rolePolicy:\n type: aws:iam:RolePolicy\n properties:\n role: ${role.id}\n policy: ${policyDocument.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n policyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - config:Put*\n resources:\n - '*'\n```\n{{% /example %}}\n{{% example %}}\n### Custom Rules\n\nCustom rules can be used by setting the source owner to `CUSTOM_LAMBDA` and the source identifier to the Amazon Resource Name (ARN) of the Lambda Function. The AWS Config service must have permissions to invoke the Lambda Function, e.g., via the `aws.lambda.Permission` resource. More information about custom rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRecorder = new aws.cfg.Recorder(\"exampleRecorder\", {});\n// ... other configuration ...\nconst exampleFunction = new aws.lambda.Function(\"exampleFunction\", {});\n// ... other configuration ...\nconst examplePermission = new aws.lambda.Permission(\"examplePermission\", {\n action: \"lambda:InvokeFunction\",\n \"function\": exampleFunction.arn,\n principal: \"config.amazonaws.com\",\n});\n// ... other configuration ...\nconst exampleRule = new aws.cfg.Rule(\"exampleRule\", {source: {\n owner: \"CUSTOM_LAMBDA\",\n sourceIdentifier: exampleFunction.arn,\n}}, {\n dependsOn: [\n exampleRecorder,\n examplePermission,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_recorder = aws.cfg.Recorder(\"exampleRecorder\")\n# ... other configuration ...\nexample_function = aws.lambda_.Function(\"exampleFunction\")\n# ... other configuration ...\nexample_permission = aws.lambda_.Permission(\"examplePermission\",\n action=\"lambda:InvokeFunction\",\n function=example_function.arn,\n principal=\"config.amazonaws.com\")\n# ... other configuration ...\nexample_rule = aws.cfg.Rule(\"exampleRule\", source=aws.cfg.RuleSourceArgs(\n owner=\"CUSTOM_LAMBDA\",\n source_identifier=example_function.arn,\n),\nopts=pulumi.ResourceOptions(depends_on=[\n example_recorder,\n example_permission,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleRecorder = new Aws.Cfg.Recorder(\"exampleRecorder\");\n\n // ... other configuration ...\n var exampleFunction = new Aws.Lambda.Function(\"exampleFunction\");\n\n // ... other configuration ...\n var examplePermission = new Aws.Lambda.Permission(\"examplePermission\", new()\n {\n Action = \"lambda:InvokeFunction\",\n Function = exampleFunction.Arn,\n Principal = \"config.amazonaws.com\",\n });\n\n // ... other configuration ...\n var exampleRule = new Aws.Cfg.Rule(\"exampleRule\", new()\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"CUSTOM_LAMBDA\",\n SourceIdentifier = exampleFunction.Arn,\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleRecorder,\n examplePermission,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRecorder, err := cfg.NewRecorder(ctx, \"exampleRecorder\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleFunction, err := lambda.NewFunction(ctx, \"exampleFunction\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePermission, err := lambda.NewPermission(ctx, \"examplePermission\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: exampleFunction.Arn,\n\t\t\tPrincipal: pulumi.String(\"config.amazonaws.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRule(ctx, \"exampleRule\", \u0026cfg.RuleArgs{\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"CUSTOM_LAMBDA\"),\n\t\t\t\tSourceIdentifier: exampleFunction.Arn,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleRecorder,\n\t\t\texamplePermission,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleRecorder = new Recorder(\"exampleRecorder\");\n\n var exampleFunction = new Function(\"exampleFunction\");\n\n var examplePermission = new Permission(\"examplePermission\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunction\")\n .function(exampleFunction.arn())\n .principal(\"config.amazonaws.com\")\n .build());\n\n var exampleRule = new Rule(\"exampleRule\", RuleArgs.builder() \n .source(RuleSourceArgs.builder()\n .owner(\"CUSTOM_LAMBDA\")\n .sourceIdentifier(exampleFunction.arn())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n exampleRecorder,\n examplePermission)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRecorder:\n type: aws:cfg:Recorder\n exampleFunction:\n type: aws:lambda:Function\n examplePermission:\n type: aws:lambda:Permission\n properties:\n action: lambda:InvokeFunction\n function: ${exampleFunction.arn}\n principal: config.amazonaws.com\n exampleRule:\n type: aws:cfg:Rule\n properties:\n source:\n owner: CUSTOM_LAMBDA\n sourceIdentifier: ${exampleFunction.arn}\n options:\n dependson:\n - ${exampleRecorder}\n - ${examplePermission}\n```\n{{% /example %}}\n{{% example %}}\n### Custom Policies\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cfg.Rule(\"example\", {source: {\n owner: \"CUSTOM_POLICY\",\n sourceDetails: [{\n messageType: \"ConfigurationItemChangeNotification\",\n }],\n customPolicyDetails: {\n policyRuntime: \"guard-2.x.x\",\n policyText: `\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n`,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cfg.Rule(\"example\", source=aws.cfg.RuleSourceArgs(\n owner=\"CUSTOM_POLICY\",\n source_details=[aws.cfg.RuleSourceSourceDetailArgs(\n message_type=\"ConfigurationItemChangeNotification\",\n )],\n custom_policy_details=aws.cfg.RuleSourceCustomPolicyDetailsArgs(\n policy_runtime=\"guard-2.x.x\",\n policy_text=\"\"\"\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n\"\"\",\n ),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Cfg.Rule(\"example\", new()\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"CUSTOM_POLICY\",\n SourceDetails = new[]\n {\n new Aws.Cfg.Inputs.RuleSourceSourceDetailArgs\n {\n MessageType = \"ConfigurationItemChangeNotification\",\n },\n },\n CustomPolicyDetails = new Aws.Cfg.Inputs.RuleSourceCustomPolicyDetailsArgs\n {\n PolicyRuntime = \"guard-2.x.x\",\n PolicyText = @\"\t rule tableisactive when\n\t\t resourceType == \"\"AWS::DynamoDB::Table\"\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"\"AWS::DynamoDB::Table\"\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"\"ENABLED\"\"\n\t }\n\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRule(ctx, \"example\", \u0026cfg.RuleArgs{\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"CUSTOM_POLICY\"),\n\t\t\t\tSourceDetails: cfg.RuleSourceSourceDetailArray{\n\t\t\t\t\t\u0026cfg.RuleSourceSourceDetailArgs{\n\t\t\t\t\t\tMessageType: pulumi.String(\"ConfigurationItemChangeNotification\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tCustomPolicyDetails: \u0026cfg.RuleSourceCustomPolicyDetailsArgs{\n\t\t\t\t\tPolicyRuntime: pulumi.String(\"guard-2.x.x\"),\n\t\t\t\t\tPolicyText: pulumi.String(`\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n`),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceCustomPolicyDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Rule(\"example\", RuleArgs.builder() \n .source(RuleSourceArgs.builder()\n .owner(\"CUSTOM_POLICY\")\n .sourceDetails(RuleSourceSourceDetailArgs.builder()\n .messageType(\"ConfigurationItemChangeNotification\")\n .build())\n .customPolicyDetails(RuleSourceCustomPolicyDetailsArgs.builder()\n .policyRuntime(\"guard-2.x.x\")\n .policyText(\"\"\"\n\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n \"\"\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cfg:Rule\n properties:\n source:\n owner: CUSTOM_POLICY\n sourceDetails:\n - messageType: ConfigurationItemChangeNotification\n customPolicyDetails:\n policyRuntime: guard-2.x.x\n policyText: \"\\t rule tableisactive when\\n\\t\\t resourceType == \\\"AWS::DynamoDB::Table\\\" {\\n\\t\\t configuration.tableStatus == ['ACTIVE']\\n\\t }\\n\\t \\n\\t rule checkcompliance when\\n\\t\\t resourceType == \\\"AWS::DynamoDB::Table\\\"\\n\\t\\t tableisactive {\\n\\t\\t\\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \\\"ENABLED\\\"\\n\\t }\\n\"\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Config Rule using the name. For example:\n\n```sh\n $ pulumi import aws:cfg/rule:Rule foo example\n```\n ", + "description": "Provides an AWS Config Rule.\n\n\u003e **Note:** Config Rule requires an existing Configuration Recorder to be present. Use of `depends_on` is recommended (as shown below) to avoid race conditions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### AWS Managed Rules\n\nAWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"config.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst foo = new aws.cfg.Recorder(\"foo\", {roleArn: role.arn});\nconst rule = new aws.cfg.Rule(\"rule\", {source: {\n owner: \"AWS\",\n sourceIdentifier: \"S3_BUCKET_VERSIONING_ENABLED\",\n}}, {\n dependsOn: [foo],\n});\nconst policyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"config:Put*\"],\n resources: [\"*\"],\n }],\n});\nconst rolePolicy = new aws.iam.RolePolicy(\"rolePolicy\", {\n role: role.id,\n policy: policyDocument.then(policyDocument =\u003e policyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"config.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nrole = aws.iam.Role(\"role\", assume_role_policy=assume_role.json)\nfoo = aws.cfg.Recorder(\"foo\", role_arn=role.arn)\nrule = aws.cfg.Rule(\"rule\", source=aws.cfg.RuleSourceArgs(\n owner=\"AWS\",\n source_identifier=\"S3_BUCKET_VERSIONING_ENABLED\",\n),\nopts=pulumi.ResourceOptions(depends_on=[foo]))\npolicy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"config:Put*\"],\n resources=[\"*\"],\n)])\nrole_policy = aws.iam.RolePolicy(\"rolePolicy\",\n role=role.id,\n policy=policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"config.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var role = new Aws.Iam.Role(\"role\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var foo = new Aws.Cfg.Recorder(\"foo\", new()\n {\n RoleArn = role.Arn,\n });\n\n var rule = new Aws.Cfg.Rule(\"rule\", new()\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"AWS\",\n SourceIdentifier = \"S3_BUCKET_VERSIONING_ENABLED\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n foo,\n },\n });\n\n var policyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"config:Put*\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var rolePolicy = new Aws.Iam.RolePolicy(\"rolePolicy\", new()\n {\n Role = role.Id,\n Policy = policyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"config.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := cfg.NewRecorder(ctx, \"foo\", \u0026cfg.RecorderArgs{\n\t\t\tRoleArn: role.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRule(ctx, \"rule\", \u0026cfg.RuleArgs{\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\tSourceIdentifier: pulumi.String(\"S3_BUCKET_VERSIONING_ENABLED\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfoo,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"config:Put*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"rolePolicy\", \u0026iam.RolePolicyArgs{\n\t\t\tRole: role.ID(),\n\t\t\tPolicy: *pulumi.String(policyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.cfg.RecorderArgs;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"config.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var foo = new Recorder(\"foo\", RecorderArgs.builder() \n .roleArn(role.arn())\n .build());\n\n var rule = new Rule(\"rule\", RuleArgs.builder() \n .source(RuleSourceArgs.builder()\n .owner(\"AWS\")\n .sourceIdentifier(\"S3_BUCKET_VERSIONING_ENABLED\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(foo)\n .build());\n\n final var policyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"config:Put*\")\n .resources(\"*\")\n .build())\n .build());\n\n var rolePolicy = new RolePolicy(\"rolePolicy\", RolePolicyArgs.builder() \n .role(role.id())\n .policy(policyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n rule:\n type: aws:cfg:Rule\n properties:\n source:\n owner: AWS\n sourceIdentifier: S3_BUCKET_VERSIONING_ENABLED\n options:\n dependson:\n - ${foo}\n foo:\n type: aws:cfg:Recorder\n properties:\n roleArn: ${role.arn}\n role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n rolePolicy:\n type: aws:iam:RolePolicy\n properties:\n role: ${role.id}\n policy: ${policyDocument.json}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - config.amazonaws.com\n actions:\n - sts:AssumeRole\n policyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - config:Put*\n resources:\n - '*'\n```\n{{% /example %}}\n{{% example %}}\n### Custom Rules\n\nCustom rules can be used by setting the source owner to `CUSTOM_LAMBDA` and the source identifier to the Amazon Resource Name (ARN) of the Lambda Function. The AWS Config service must have permissions to invoke the Lambda Function, e.g., via the `aws.lambda.Permission` resource. More information about custom rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRecorder = new aws.cfg.Recorder(\"exampleRecorder\", {});\n// ... other configuration ...\nconst exampleFunction = new aws.lambda.Function(\"exampleFunction\", {});\n// ... other configuration ...\nconst examplePermission = new aws.lambda.Permission(\"examplePermission\", {\n action: \"lambda:InvokeFunction\",\n \"function\": exampleFunction.arn,\n principal: \"config.amazonaws.com\",\n});\n// ... other configuration ...\nconst exampleRule = new aws.cfg.Rule(\"exampleRule\", {source: {\n owner: \"CUSTOM_LAMBDA\",\n sourceIdentifier: exampleFunction.arn,\n}}, {\n dependsOn: [\n exampleRecorder,\n examplePermission,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_recorder = aws.cfg.Recorder(\"exampleRecorder\")\n# ... other configuration ...\nexample_function = aws.lambda_.Function(\"exampleFunction\")\n# ... other configuration ...\nexample_permission = aws.lambda_.Permission(\"examplePermission\",\n action=\"lambda:InvokeFunction\",\n function=example_function.arn,\n principal=\"config.amazonaws.com\")\n# ... other configuration ...\nexample_rule = aws.cfg.Rule(\"exampleRule\", source=aws.cfg.RuleSourceArgs(\n owner=\"CUSTOM_LAMBDA\",\n source_identifier=example_function.arn,\n),\nopts=pulumi.ResourceOptions(depends_on=[\n example_recorder,\n example_permission,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleRecorder = new Aws.Cfg.Recorder(\"exampleRecorder\");\n\n // ... other configuration ...\n var exampleFunction = new Aws.Lambda.Function(\"exampleFunction\");\n\n // ... other configuration ...\n var examplePermission = new Aws.Lambda.Permission(\"examplePermission\", new()\n {\n Action = \"lambda:InvokeFunction\",\n Function = exampleFunction.Arn,\n Principal = \"config.amazonaws.com\",\n });\n\n // ... other configuration ...\n var exampleRule = new Aws.Cfg.Rule(\"exampleRule\", new()\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"CUSTOM_LAMBDA\",\n SourceIdentifier = exampleFunction.Arn,\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleRecorder,\n examplePermission,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRecorder, err := cfg.NewRecorder(ctx, \"exampleRecorder\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleFunction, err := lambda.NewFunction(ctx, \"exampleFunction\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePermission, err := lambda.NewPermission(ctx, \"examplePermission\", \u0026lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: exampleFunction.Arn,\n\t\t\tPrincipal: pulumi.String(\"config.amazonaws.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ... other configuration ...\n\t\t_, err = cfg.NewRule(ctx, \"exampleRule\", \u0026cfg.RuleArgs{\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"CUSTOM_LAMBDA\"),\n\t\t\t\tSourceIdentifier: exampleFunction.Arn,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleRecorder,\n\t\t\texamplePermission,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Recorder;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.Permission;\nimport com.pulumi.aws.lambda.PermissionArgs;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleRecorder = new Recorder(\"exampleRecorder\");\n\n var exampleFunction = new Function(\"exampleFunction\");\n\n var examplePermission = new Permission(\"examplePermission\", PermissionArgs.builder() \n .action(\"lambda:InvokeFunction\")\n .function(exampleFunction.arn())\n .principal(\"config.amazonaws.com\")\n .build());\n\n var exampleRule = new Rule(\"exampleRule\", RuleArgs.builder() \n .source(RuleSourceArgs.builder()\n .owner(\"CUSTOM_LAMBDA\")\n .sourceIdentifier(exampleFunction.arn())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n exampleRecorder,\n examplePermission)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRecorder:\n type: aws:cfg:Recorder\n exampleFunction:\n type: aws:lambda:Function\n examplePermission:\n type: aws:lambda:Permission\n properties:\n action: lambda:InvokeFunction\n function: ${exampleFunction.arn}\n principal: config.amazonaws.com\n exampleRule:\n type: aws:cfg:Rule\n properties:\n source:\n owner: CUSTOM_LAMBDA\n sourceIdentifier: ${exampleFunction.arn}\n options:\n dependson:\n - ${exampleRecorder}\n - ${examplePermission}\n```\n{{% /example %}}\n{{% example %}}\n### Custom Policies\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cfg.Rule(\"example\", {source: {\n owner: \"CUSTOM_POLICY\",\n sourceDetails: [{\n messageType: \"ConfigurationItemChangeNotification\",\n }],\n customPolicyDetails: {\n policyRuntime: \"guard-2.x.x\",\n policyText: `\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n`,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cfg.Rule(\"example\", source=aws.cfg.RuleSourceArgs(\n owner=\"CUSTOM_POLICY\",\n source_details=[aws.cfg.RuleSourceSourceDetailArgs(\n message_type=\"ConfigurationItemChangeNotification\",\n )],\n custom_policy_details=aws.cfg.RuleSourceCustomPolicyDetailsArgs(\n policy_runtime=\"guard-2.x.x\",\n policy_text=\"\"\"\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n\"\"\",\n ),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Cfg.Rule(\"example\", new()\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"CUSTOM_POLICY\",\n SourceDetails = new[]\n {\n new Aws.Cfg.Inputs.RuleSourceSourceDetailArgs\n {\n MessageType = \"ConfigurationItemChangeNotification\",\n },\n },\n CustomPolicyDetails = new Aws.Cfg.Inputs.RuleSourceCustomPolicyDetailsArgs\n {\n PolicyRuntime = \"guard-2.x.x\",\n PolicyText = @\"\t rule tableisactive when\n\t\t resourceType == \"\"AWS::DynamoDB::Table\"\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"\"AWS::DynamoDB::Table\"\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"\"ENABLED\"\"\n\t }\n\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewRule(ctx, \"example\", \u0026cfg.RuleArgs{\n\t\t\tSource: \u0026cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"CUSTOM_POLICY\"),\n\t\t\t\tSourceDetails: cfg.RuleSourceSourceDetailArray{\n\t\t\t\t\t\u0026cfg.RuleSourceSourceDetailArgs{\n\t\t\t\t\t\tMessageType: pulumi.String(\"ConfigurationItemChangeNotification\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tCustomPolicyDetails: \u0026cfg.RuleSourceCustomPolicyDetailsArgs{\n\t\t\t\t\tPolicyRuntime: pulumi.String(\"guard-2.x.x\"),\n\t\t\t\t\tPolicyText: pulumi.String(`\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n`),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cfg.Rule;\nimport com.pulumi.aws.cfg.RuleArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceArgs;\nimport com.pulumi.aws.cfg.inputs.RuleSourceCustomPolicyDetailsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Rule(\"example\", RuleArgs.builder() \n .source(RuleSourceArgs.builder()\n .owner(\"CUSTOM_POLICY\")\n .sourceDetails(RuleSourceSourceDetailArgs.builder()\n .messageType(\"ConfigurationItemChangeNotification\")\n .build())\n .customPolicyDetails(RuleSourceCustomPolicyDetailsArgs.builder()\n .policyRuntime(\"guard-2.x.x\")\n .policyText(\"\"\"\n\t rule tableisactive when\n\t\t resourceType == \"AWS::DynamoDB::Table\" {\n\t\t configuration.tableStatus == ['ACTIVE']\n\t }\n\t \n\t rule checkcompliance when\n\t\t resourceType == \"AWS::DynamoDB::Table\"\n\t\t tableisactive {\n\t\t\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \"ENABLED\"\n\t }\n \"\"\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cfg:Rule\n properties:\n source:\n owner: CUSTOM_POLICY\n sourceDetails:\n - messageType: ConfigurationItemChangeNotification\n customPolicyDetails:\n policyRuntime: guard-2.x.x\n policyText: \"\\t rule tableisactive when\\n\\t\\t resourceType == \\\"AWS::DynamoDB::Table\\\" {\\n\\t\\t configuration.tableStatus == ['ACTIVE']\\n\\t }\\n\\t \\n\\t rule checkcompliance when\\n\\t\\t resourceType == \\\"AWS::DynamoDB::Table\\\"\\n\\t\\t tableisactive {\\n\\t\\t\\t supplementaryConfiguration.ContinuousBackupsDescription.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus == \\\"ENABLED\\\"\\n\\t }\\n\"\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Config Rule using the name. For example:\n\n```sh\n $ pulumi import aws:cfg/rule:Rule foo example\n```\n ", "properties": { "arn": { "type": "string", @@ -177366,7 +177366,7 @@ } }, "aws:cloudfront/originAccessIdentity:OriginAccessIdentity": { - "description": "Creates an Amazon CloudFront origin access identity.\n\nFor information about CloudFront distributions, see the\n[Amazon CloudFront Developer Guide](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html). For more information on generating\norigin access identities, see\n[Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2].\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront origin access identity.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.OriginAccessIdentity(\"example\", {comment: \"Some comment\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.OriginAccessIdentity(\"example\", comment=\"Some comment\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFront.OriginAccessIdentity(\"example\", new()\n {\n Comment = \"Some comment\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewOriginAccessIdentity(ctx, \"example\", \u0026cloudfront.OriginAccessIdentityArgs{\n\t\t\tComment: pulumi.String(\"Some comment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentity;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new OriginAccessIdentity(\"example\", OriginAccessIdentityArgs.builder() \n .comment(\"Some comment\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:OriginAccessIdentity\n properties:\n comment: Some comment\n```\n{{% /example %}}\n{{% /examples %}}\n## Using With CloudFront\n\nNormally, when referencing an origin access identity in CloudFront, you need to\nprefix the ID with the `origin-access-identity/cloudfront/` special path.\nThe `cloudfront_access_identity_path` allows this to be circumvented.\nThe below snippet demonstrates use with the `s3_origin_config` structure for the\n`aws.cloudfront.Distribution` resource:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.cloudfront.Distribution(\"example\", {origins: [{\n s3OriginConfig: {\n originAccessIdentity: aws_cloudfront_origin_access_identity.example.cloudfront_access_identity_path,\n },\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.cloudfront.Distribution(\"example\", origins=[aws.cloudfront.DistributionOriginArgs(\n s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(\n origin_access_identity=aws_cloudfront_origin_access_identity[\"example\"][\"cloudfront_access_identity_path\"],\n ),\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var example = new Aws.CloudFront.Distribution(\"example\", new()\n {\n Origins = new[]\n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs\n {\n OriginAccessIdentity = aws_cloudfront_origin_access_identity.Example.Cloudfront_access_identity_path,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewDistribution(ctx, \"example\", \u0026cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t\u0026cloudfront.DistributionOriginArgs{\n\t\t\t\t\tS3OriginConfig: \u0026cloudfront.DistributionOriginS3OriginConfigArgs{\n\t\t\t\t\t\tOriginAccessIdentity: pulumi.Any(aws_cloudfront_origin_access_identity.Example.Cloudfront_access_identity_path),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.Distribution;\nimport com.pulumi.aws.cloudfront.DistributionArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginS3OriginConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Distribution(\"example\", DistributionArgs.builder() \n .origins(DistributionOriginArgs.builder()\n .s3OriginConfig(DistributionOriginS3OriginConfigArgs.builder()\n .originAccessIdentity(aws_cloudfront_origin_access_identity.example().cloudfront_access_identity_path())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:Distribution\n properties:\n origins:\n - s3OriginConfig:\n originAccessIdentity: ${aws_cloudfront_origin_access_identity.example.cloudfront_access_identity_path}\n```\n\n### Updating your bucket policy\n\nNote that the AWS API may translate the `s3_canonical_user_id` `CanonicalUser`\nprincipal into an `AWS` IAM ARN principal when supplied in an\n`aws.s3.BucketV2` bucket policy, causing spurious diffs. If\nyou see this behaviour, use the `iam_arn` instead:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3Policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"s3:GetObject\"],\n resources: [`${aws_s3_bucket.example.arn}/*`],\n principals: [{\n type: \"AWS\",\n identifiers: [aws_cloudfront_origin_access_identity.example.iam_arn],\n }],\n }],\n});\nconst example = new aws.s3.BucketPolicy(\"example\", {\n bucket: aws_s3_bucket.example.id,\n policy: s3Policy.then(s3Policy =\u003e s3Policy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:GetObject\"],\n resources=[f\"{aws_s3_bucket['example']['arn']}/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[aws_cloudfront_origin_access_identity[\"example\"][\"iam_arn\"]],\n )],\n)])\nexample = aws.s3.BucketPolicy(\"example\",\n bucket=aws_s3_bucket[\"example\"][\"id\"],\n policy=s3_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3Policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n $\"{aws_s3_bucket.Example.Arn}/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n aws_cloudfront_origin_access_identity.Example.Iam_arn,\n },\n },\n },\n },\n },\n });\n\n var example = new Aws.S3.BucketPolicy(\"example\", new()\n {\n Bucket = aws_s3_bucket.Example.Id,\n Policy = s3Policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ns3Policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"s3:GetObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/*\", aws_s3_bucket.Example.Arn),\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\naws_cloudfront_origin_access_identity.Example.Iam_arn,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketPolicy(ctx, \"example\", \u0026s3.BucketPolicyArgs{\nBucket: pulumi.Any(aws_s3_bucket.Example.Id),\nPolicy: *pulumi.String(s3Policy.Json),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3Policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:GetObject\")\n .resources(String.format(\"%s/*\", aws_s3_bucket.example().arn()))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(aws_cloudfront_origin_access_identity.example().iam_arn())\n .build())\n .build())\n .build());\n\n var example = new BucketPolicy(\"example\", BucketPolicyArgs.builder() \n .bucket(aws_s3_bucket.example().id())\n .policy(s3Policy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${aws_s3_bucket.example.id}\n policy: ${s3Policy.json}\nvariables:\n s3Policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - s3:GetObject\n resources:\n - ${aws_s3_bucket.example.arn}/*\n principals:\n - type: AWS\n identifiers:\n - ${aws_cloudfront_origin_access_identity.example.iam_arn}\n```\n\n[1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html\n[2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html\n\n\n## Import\n\nUsing `pulumi import`, import Cloudfront Origin Access Identities using the `id`. For example:\n\n```sh\n $ pulumi import aws:cloudfront/originAccessIdentity:OriginAccessIdentity origin_access E74FTE3AEXAMPLE\n```\n ", + "description": "Creates an Amazon CloudFront origin access identity.\n\nFor information about CloudFront distributions, see the\n[Amazon CloudFront Developer Guide](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html). For more information on generating\norigin access identities, see\n[Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2].\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront origin access identity.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.OriginAccessIdentity(\"example\", {comment: \"Some comment\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.OriginAccessIdentity(\"example\", comment=\"Some comment\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudFront.OriginAccessIdentity(\"example\", new()\n {\n Comment = \"Some comment\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewOriginAccessIdentity(ctx, \"example\", \u0026cloudfront.OriginAccessIdentityArgs{\n\t\t\tComment: pulumi.String(\"Some comment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentity;\nimport com.pulumi.aws.cloudfront.OriginAccessIdentityArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new OriginAccessIdentity(\"example\", OriginAccessIdentityArgs.builder() \n .comment(\"Some comment\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:OriginAccessIdentity\n properties:\n comment: Some comment\n```\n{{% /example %}}\n{{% /examples %}}\n## Using With CloudFront\n\nNormally, when referencing an origin access identity in CloudFront, you need to\nprefix the ID with the `origin-access-identity/cloudfront/` special path.\nThe `cloudfront_access_identity_path` allows this to be circumvented.\nThe below snippet demonstrates use with the `s3_origin_config` structure for the\n`aws.cloudfront.Distribution` resource:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.cloudfront.Distribution(\"example\", {origins: [{\n s3OriginConfig: {\n originAccessIdentity: aws_cloudfront_origin_access_identity.example.cloudfront_access_identity_path,\n },\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.cloudfront.Distribution(\"example\", origins=[aws.cloudfront.DistributionOriginArgs(\n s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(\n origin_access_identity=aws_cloudfront_origin_access_identity[\"example\"][\"cloudfront_access_identity_path\"],\n ),\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var example = new Aws.CloudFront.Distribution(\"example\", new()\n {\n Origins = new[]\n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs\n {\n OriginAccessIdentity = aws_cloudfront_origin_access_identity.Example.Cloudfront_access_identity_path,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\t_, err := cloudfront.NewDistribution(ctx, \"example\", \u0026cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t\u0026cloudfront.DistributionOriginArgs{\n\t\t\t\t\tS3OriginConfig: \u0026cloudfront.DistributionOriginS3OriginConfigArgs{\n\t\t\t\t\t\tOriginAccessIdentity: pulumi.Any(aws_cloudfront_origin_access_identity.Example.Cloudfront_access_identity_path),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudfront.Distribution;\nimport com.pulumi.aws.cloudfront.DistributionArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;\nimport com.pulumi.aws.cloudfront.inputs.DistributionOriginS3OriginConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Distribution(\"example\", DistributionArgs.builder() \n .origins(DistributionOriginArgs.builder()\n .s3OriginConfig(DistributionOriginS3OriginConfigArgs.builder()\n .originAccessIdentity(aws_cloudfront_origin_access_identity.example().cloudfront_access_identity_path())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudfront:Distribution\n properties:\n origins:\n - s3OriginConfig:\n originAccessIdentity: ${aws_cloudfront_origin_access_identity.example.cloudfront_access_identity_path}\n```\n\n### Updating your bucket policy\n\nNote that the AWS API may translate the `s3_canonical_user_id` `CanonicalUser`\nprincipal into an `AWS` IAM ARN principal when supplied in an\n`aws.s3.BucketV2` bucket policy, causing spurious diffs. If\nyou see this behaviour, use the `iam_arn` instead:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3Policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"s3:GetObject\"],\n resources: [`${aws_s3_bucket.example.arn}/*`],\n principals: [{\n type: \"AWS\",\n identifiers: [aws_cloudfront_origin_access_identity.example.iam_arn],\n }],\n }],\n});\nconst example = new aws.s3.BucketPolicy(\"example\", {\n bucket: aws_s3_bucket.example.id,\n policy: s3Policy.then(s3Policy =\u003e s3Policy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:GetObject\"],\n resources=[f\"{aws_s3_bucket['example']['arn']}/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[aws_cloudfront_origin_access_identity[\"example\"][\"iam_arn\"]],\n )],\n)])\nexample = aws.s3.BucketPolicy(\"example\",\n bucket=aws_s3_bucket[\"example\"][\"id\"],\n policy=s3_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3Policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"s3:GetObject\",\n },\n Resources = new[]\n {\n $\"{aws_s3_bucket.Example.Arn}/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n aws_cloudfront_origin_access_identity.Example.Iam_arn,\n },\n },\n },\n },\n },\n });\n\n var example = new Aws.S3.BucketPolicy(\"example\", new()\n {\n Bucket = aws_s3_bucket.Example.Id,\n Policy = s3Policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ns3Policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"s3:GetObject\",\n},\nResources: []string{\nfmt.Sprintf(\"%v/*\", aws_s3_bucket.Example.Arn),\n},\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\naws_cloudfront_origin_access_identity.Example.Iam_arn,\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = s3.NewBucketPolicy(ctx, \"example\", \u0026s3.BucketPolicyArgs{\nBucket: pulumi.Any(aws_s3_bucket.Example.Id),\nPolicy: *pulumi.String(s3Policy.Json),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3Policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"s3:GetObject\")\n .resources(String.format(\"%s/*\", aws_s3_bucket.example().arn()))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(aws_cloudfront_origin_access_identity.example().iam_arn())\n .build())\n .build())\n .build());\n\n var example = new BucketPolicy(\"example\", BucketPolicyArgs.builder() \n .bucket(aws_s3_bucket.example().id())\n .policy(s3Policy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:s3:BucketPolicy\n properties:\n bucket: ${aws_s3_bucket.example.id}\n policy: ${s3Policy.json}\nvariables:\n s3Policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - s3:GetObject\n resources:\n - ${aws_s3_bucket.example.arn}/*\n principals:\n - type: AWS\n identifiers:\n - ${aws_cloudfront_origin_access_identity.example.iam_arn}\n```\n\n[1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html\n[2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html\n\n\n## Import\n\nUsing `pulumi import`, import Cloudfront Origin Access Identities using the `id`. For example:\n\n```sh\n $ pulumi import aws:cloudfront/originAccessIdentity:OriginAccessIdentity origin_access E74FTE3AEXAMPLE\n```\n ", "properties": { "callerReference": { "type": "string", @@ -178288,7 +178288,7 @@ } }, "aws:cloudtrail/eventDataStore:EventDataStore": { - "description": "Provides a CloudTrail Event Data Store.\n\nMore information about event data stores can be found in the [Event Data Store User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-event-data-store.html).\n\n\u003e **Tip:** For an organization event data store you must create this resource in the management account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\nThe most simple event data store configuration requires us to only set the `name` attribute. The event data store will automatically capture all management events. To capture management events from all the regions, `multi_region_enabled` must be `true`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudtrail.EventDataStore(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudtrail.EventDataStore(\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudTrail.EventDataStore(\"example\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtrail.NewEventDataStore(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudtrail.EventDataStore;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new EventDataStore(\"example\");\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:EventDataStore\n```\n{{% /example %}}\n### Data Event Logging\n\nCloudTrail can log [Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the following links:\n\n- [CloudTrail API AdvancedFieldSelector documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html)\n{{% example %}}\n### Log all DynamoDB PutEvent actions for a specific DynamoDB table\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst table = aws.dynamodb.getTable({\n name: \"not-important-dynamodb-table\",\n});\n// ... other configuration ...\nconst example = new aws.cloudtrail.EventDataStore(\"example\", {advancedEventSelectors: [{\n name: \"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n fieldSelectors: [\n {\n field: \"eventCategory\",\n equals: [\"Data\"],\n },\n {\n field: \"resources.type\",\n equals: [\"AWS::DynamoDB::Table\"],\n },\n {\n field: \"eventName\",\n equals: [\"PutItem\"],\n },\n {\n field: \"resources.ARN\",\n equals: [table.then(table =\u003e table.arn)],\n },\n ],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntable = aws.dynamodb.get_table(name=\"not-important-dynamodb-table\")\n# ... other configuration ...\nexample = aws.cloudtrail.EventDataStore(\"example\", advanced_event_selectors=[aws.cloudtrail.EventDataStoreAdvancedEventSelectorArgs(\n name=\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n field_selectors=[\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"eventCategory\",\n equals=[\"Data\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"resources.type\",\n equals=[\"AWS::DynamoDB::Table\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"eventName\",\n equals=[\"PutItem\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"resources.ARN\",\n equals=[table.arn],\n ),\n ],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var table = Aws.DynamoDB.GetTable.Invoke(new()\n {\n Name = \"not-important-dynamodb-table\",\n });\n\n // ... other configuration ...\n var example = new Aws.CloudTrail.EventDataStore(\"example\", new()\n {\n AdvancedEventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorArgs\n {\n Name = \"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Data\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.type\",\n Equals = new[]\n {\n \"AWS::DynamoDB::Table\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventName\",\n Equals = new[]\n {\n \"PutItem\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.ARN\",\n Equals = new[]\n {\n table.Apply(getTableResult =\u003e getTableResult.Arn),\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttable, err := dynamodb.LookupTable(ctx, \u0026dynamodb.LookupTableArgs{\n\t\t\tName: \"not-important-dynamodb-table\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewEventDataStore(ctx, \"example\", \u0026cloudtrail.EventDataStoreArgs{\n\t\t\tAdvancedEventSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Data\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.type\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"AWS::DynamoDB::Table\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventName\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"PutItem\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.ARN\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\t*pulumi.String(table.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dynamodb.DynamodbFunctions;\nimport com.pulumi.aws.dynamodb.inputs.GetTableArgs;\nimport com.pulumi.aws.cloudtrail.EventDataStore;\nimport com.pulumi.aws.cloudtrail.EventDataStoreArgs;\nimport com.pulumi.aws.cloudtrail.inputs.EventDataStoreAdvancedEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var table = DynamodbFunctions.getTable(GetTableArgs.builder()\n .name(\"not-important-dynamodb-table\")\n .build());\n\n var example = new EventDataStore(\"example\", EventDataStoreArgs.builder() \n .advancedEventSelectors(EventDataStoreAdvancedEventSelectorArgs.builder()\n .name(\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\")\n .fieldSelectors( \n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Data\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.type\")\n .equals(\"AWS::DynamoDB::Table\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventName\")\n .equals(\"PutItem\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.ARN\")\n .equals(table.applyValue(getTableResult -\u003e getTableResult.arn()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:EventDataStore\n properties:\n advancedEventSelectors:\n - name: Log all DynamoDB PutEvent actions for a specific DynamoDB table\n fieldSelectors:\n - field: eventCategory\n equals:\n - Data\n - field: resources.type\n equals:\n - AWS::DynamoDB::Table\n - field: eventName\n equals:\n - PutItem\n - field: resources.ARN\n equals:\n - ${table.arn}\nvariables:\n table:\n fn::invoke:\n Function: aws:dynamodb:getTable\n Arguments:\n name: not-important-dynamodb-table\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import event data stores using their `arn`. For example:\n\n```sh\n $ pulumi import aws:cloudtrail/eventDataStore:EventDataStore example arn:aws:cloudtrail:us-east-1:123456789123:eventdatastore/22333815-4414-412c-b155-dd254033gfhf\n```\n ", + "description": "Provides a CloudTrail Event Data Store.\n\nMore information about event data stores can be found in the [Event Data Store User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/query-event-data-store.html).\n\n\u003e **Tip:** For an organization event data store you must create this resource in the management account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\nThe most simple event data store configuration requires us to only set the `name` attribute. The event data store will automatically capture all management events. To capture management events from all the regions, `multi_region_enabled` must be `true`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudtrail.EventDataStore(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudtrail.EventDataStore(\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudTrail.EventDataStore(\"example\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtrail.NewEventDataStore(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudtrail.EventDataStore;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new EventDataStore(\"example\");\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:EventDataStore\n```\n{{% /example %}}\n### Data Event Logging\n\nCloudTrail can log [Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the following links:\n\n- [CloudTrail API AdvancedFieldSelector documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html)\n{{% example %}}\n### Log all DynamoDB PutEvent actions for a specific DynamoDB table\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst table = aws.dynamodb.getTable({\n name: \"not-important-dynamodb-table\",\n});\n// ... other configuration ...\nconst example = new aws.cloudtrail.EventDataStore(\"example\", {advancedEventSelectors: [{\n name: \"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n fieldSelectors: [\n {\n field: \"eventCategory\",\n equals: [\"Data\"],\n },\n {\n field: \"resources.type\",\n equals: [\"AWS::DynamoDB::Table\"],\n },\n {\n field: \"eventName\",\n equals: [\"PutItem\"],\n },\n {\n field: \"resources.ARN\",\n equals: [table.then(table =\u003e table.arn)],\n },\n ],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntable = aws.dynamodb.get_table(name=\"not-important-dynamodb-table\")\n# ... other configuration ...\nexample = aws.cloudtrail.EventDataStore(\"example\", advanced_event_selectors=[aws.cloudtrail.EventDataStoreAdvancedEventSelectorArgs(\n name=\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n field_selectors=[\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"eventCategory\",\n equals=[\"Data\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"resources.type\",\n equals=[\"AWS::DynamoDB::Table\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"eventName\",\n equals=[\"PutItem\"],\n ),\n aws.cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs(\n field=\"resources.ARN\",\n equals=[table.arn],\n ),\n ],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var table = Aws.DynamoDB.GetTable.Invoke(new()\n {\n Name = \"not-important-dynamodb-table\",\n });\n\n // ... other configuration ...\n var example = new Aws.CloudTrail.EventDataStore(\"example\", new()\n {\n AdvancedEventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorArgs\n {\n Name = \"Log all DynamoDB PutEvent actions for a specific DynamoDB table\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Data\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.type\",\n Equals = new[]\n {\n \"AWS::DynamoDB::Table\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventName\",\n Equals = new[]\n {\n \"PutItem\",\n },\n },\n new Aws.CloudTrail.Inputs.EventDataStoreAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.ARN\",\n Equals = new[]\n {\n table.Apply(getTableResult =\u003e getTableResult.Arn),\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttable, err := dynamodb.LookupTable(ctx, \u0026dynamodb.LookupTableArgs{\n\t\t\tName: \"not-important-dynamodb-table\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ... other configuration ...\n\t\t_, err = cloudtrail.NewEventDataStore(ctx, \"example\", \u0026cloudtrail.EventDataStoreArgs{\n\t\t\tAdvancedEventSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Data\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.type\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"AWS::DynamoDB::Table\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventName\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"PutItem\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.EventDataStoreAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.ARN\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\t*pulumi.String(table.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dynamodb.DynamodbFunctions;\nimport com.pulumi.aws.dynamodb.inputs.GetTableArgs;\nimport com.pulumi.aws.cloudtrail.EventDataStore;\nimport com.pulumi.aws.cloudtrail.EventDataStoreArgs;\nimport com.pulumi.aws.cloudtrail.inputs.EventDataStoreAdvancedEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var table = DynamodbFunctions.getTable(GetTableArgs.builder()\n .name(\"not-important-dynamodb-table\")\n .build());\n\n var example = new EventDataStore(\"example\", EventDataStoreArgs.builder() \n .advancedEventSelectors(EventDataStoreAdvancedEventSelectorArgs.builder()\n .name(\"Log all DynamoDB PutEvent actions for a specific DynamoDB table\")\n .fieldSelectors( \n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Data\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.type\")\n .equals(\"AWS::DynamoDB::Table\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventName\")\n .equals(\"PutItem\")\n .build(),\n EventDataStoreAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.ARN\")\n .equals(table.applyValue(getTableResult -\u003e getTableResult.arn()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:EventDataStore\n properties:\n advancedEventSelectors:\n - name: Log all DynamoDB PutEvent actions for a specific DynamoDB table\n fieldSelectors:\n - field: eventCategory\n equals:\n - Data\n - field: resources.type\n equals:\n - AWS::DynamoDB::Table\n - field: eventName\n equals:\n - PutItem\n - field: resources.ARN\n equals:\n - ${table.arn}\nvariables:\n table:\n fn::invoke:\n Function: aws:dynamodb:getTable\n Arguments:\n name: not-important-dynamodb-table\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import event data stores using their `arn`. For example:\n\n```sh\n $ pulumi import aws:cloudtrail/eventDataStore:EventDataStore example arn:aws:cloudtrail:us-east-1:123456789123:eventdatastore/22333815-4414-412c-b155-dd254033gfhf\n```\n ", "properties": { "advancedEventSelectors": { "type": "array", @@ -184702,7 +184702,7 @@ } }, "aws:codepipeline/webhook:Webhook": { - "description": "Provides a CodePipeline Webhook.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as github from \"@pulumi/github\";\n\nconst barPipeline = new aws.codepipeline.Pipeline(\"barPipeline\", {\n roleArn: aws_iam_role.bar.arn,\n artifactStores: [{\n location: aws_s3_bucket.bar.bucket,\n type: \"S3\",\n encryptionKey: {\n id: data.aws_kms_alias.s3kmskey.arn,\n type: \"KMS\",\n },\n }],\n stages: [\n {\n name: \"Source\",\n actions: [{\n name: \"Source\",\n category: \"Source\",\n owner: \"ThirdParty\",\n provider: \"GitHub\",\n version: \"1\",\n outputArtifacts: [\"test\"],\n configuration: {\n Owner: \"my-organization\",\n Repo: \"test\",\n Branch: \"master\",\n },\n }],\n },\n {\n name: \"Build\",\n actions: [{\n name: \"Build\",\n category: \"Build\",\n owner: \"AWS\",\n provider: \"CodeBuild\",\n inputArtifacts: [\"test\"],\n version: \"1\",\n configuration: {\n ProjectName: \"test\",\n },\n }],\n },\n ],\n});\nconst webhookSecret = \"super-secret\";\nconst barWebhook = new aws.codepipeline.Webhook(\"barWebhook\", {\n authentication: \"GITHUB_HMAC\",\n targetAction: \"Source\",\n targetPipeline: barPipeline.name,\n authenticationConfiguration: {\n secretToken: webhookSecret,\n },\n filters: [{\n jsonPath: \"$.ref\",\n matchEquals: \"refs/heads/{Branch}\",\n }],\n});\n// Wire the CodePipeline webhook into a GitHub repository.\nconst barRepositoryWebhook = new github.RepositoryWebhook(\"barRepositoryWebhook\", {\n repository: github_repository.repo.name,\n configuration: {\n url: barWebhook.url,\n contentType: \"json\",\n insecureSsl: true,\n secret: webhookSecret,\n },\n events: [\"push\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_github as github\n\nbar_pipeline = aws.codepipeline.Pipeline(\"barPipeline\",\n role_arn=aws_iam_role[\"bar\"][\"arn\"],\n artifact_stores=[aws.codepipeline.PipelineArtifactStoreArgs(\n location=aws_s3_bucket[\"bar\"][\"bucket\"],\n type=\"S3\",\n encryption_key=aws.codepipeline.PipelineArtifactStoreEncryptionKeyArgs(\n id=data[\"aws_kms_alias\"][\"s3kmskey\"][\"arn\"],\n type=\"KMS\",\n ),\n )],\n stages=[\n aws.codepipeline.PipelineStageArgs(\n name=\"Source\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Source\",\n category=\"Source\",\n owner=\"ThirdParty\",\n provider=\"GitHub\",\n version=\"1\",\n output_artifacts=[\"test\"],\n configuration={\n \"Owner\": \"my-organization\",\n \"Repo\": \"test\",\n \"Branch\": \"master\",\n },\n )],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Build\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Build\",\n category=\"Build\",\n owner=\"AWS\",\n provider=\"CodeBuild\",\n input_artifacts=[\"test\"],\n version=\"1\",\n configuration={\n \"ProjectName\": \"test\",\n },\n )],\n ),\n ])\nwebhook_secret = \"super-secret\"\nbar_webhook = aws.codepipeline.Webhook(\"barWebhook\",\n authentication=\"GITHUB_HMAC\",\n target_action=\"Source\",\n target_pipeline=bar_pipeline.name,\n authentication_configuration=aws.codepipeline.WebhookAuthenticationConfigurationArgs(\n secret_token=webhook_secret,\n ),\n filters=[aws.codepipeline.WebhookFilterArgs(\n json_path=\"$.ref\",\n match_equals=\"refs/heads/{Branch}\",\n )])\n# Wire the CodePipeline webhook into a GitHub repository.\nbar_repository_webhook = github.RepositoryWebhook(\"barRepositoryWebhook\",\n repository=github_repository[\"repo\"][\"name\"],\n configuration=github.RepositoryWebhookConfigurationArgs(\n url=bar_webhook.url,\n content_type=\"json\",\n insecure_ssl=True,\n secret=webhook_secret,\n ),\n events=[\"push\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Github = Pulumi.Github;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var barPipeline = new Aws.CodePipeline.Pipeline(\"barPipeline\", new()\n {\n RoleArn = aws_iam_role.Bar.Arn,\n ArtifactStores = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineArtifactStoreArgs\n {\n Location = aws_s3_bucket.Bar.Bucket,\n Type = \"S3\",\n EncryptionKey = new Aws.CodePipeline.Inputs.PipelineArtifactStoreEncryptionKeyArgs\n {\n Id = data.Aws_kms_alias.S3kmskey.Arn,\n Type = \"KMS\",\n },\n },\n },\n Stages = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Source\",\n Actions = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Source\",\n Category = \"Source\",\n Owner = \"ThirdParty\",\n Provider = \"GitHub\",\n Version = \"1\",\n OutputArtifacts = new[]\n {\n \"test\",\n },\n Configuration = \n {\n { \"Owner\", \"my-organization\" },\n { \"Repo\", \"test\" },\n { \"Branch\", \"master\" },\n },\n },\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Build\",\n Actions = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Build\",\n Category = \"Build\",\n Owner = \"AWS\",\n Provider = \"CodeBuild\",\n InputArtifacts = new[]\n {\n \"test\",\n },\n Version = \"1\",\n Configuration = \n {\n { \"ProjectName\", \"test\" },\n },\n },\n },\n },\n },\n });\n\n var webhookSecret = \"super-secret\";\n\n var barWebhook = new Aws.CodePipeline.Webhook(\"barWebhook\", new()\n {\n Authentication = \"GITHUB_HMAC\",\n TargetAction = \"Source\",\n TargetPipeline = barPipeline.Name,\n AuthenticationConfiguration = new Aws.CodePipeline.Inputs.WebhookAuthenticationConfigurationArgs\n {\n SecretToken = webhookSecret,\n },\n Filters = new[]\n {\n new Aws.CodePipeline.Inputs.WebhookFilterArgs\n {\n JsonPath = \"$.ref\",\n MatchEquals = \"refs/heads/{Branch}\",\n },\n },\n });\n\n // Wire the CodePipeline webhook into a GitHub repository.\n var barRepositoryWebhook = new Github.RepositoryWebhook(\"barRepositoryWebhook\", new()\n {\n Repository = github_repository.Repo.Name,\n Configuration = new Github.Inputs.RepositoryWebhookConfigurationArgs\n {\n Url = barWebhook.Url,\n ContentType = \"json\",\n InsecureSsl = true,\n Secret = webhookSecret,\n },\n Events = new[]\n {\n \"push\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codepipeline\"\n\t\"github.com/pulumi/pulumi-github/sdk/v5/go/github\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbarPipeline, err := codepipeline.NewPipeline(ctx, \"barPipeline\", \u0026codepipeline.PipelineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Bar.Arn),\n\t\t\tArtifactStores: codepipeline.PipelineArtifactStoreArray{\n\t\t\t\t\u0026codepipeline.PipelineArtifactStoreArgs{\n\t\t\t\t\tLocation: pulumi.Any(aws_s3_bucket.Bar.Bucket),\n\t\t\t\t\tType: pulumi.String(\"S3\"),\n\t\t\t\t\tEncryptionKey: \u0026codepipeline.PipelineArtifactStoreEncryptionKeyArgs{\n\t\t\t\t\t\tId: pulumi.Any(data.Aws_kms_alias.S3kmskey.Arn),\n\t\t\t\t\t\tType: pulumi.String(\"KMS\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tStages: codepipeline.PipelineStageArray{\n\t\t\t\t\u0026codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t\u0026codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"ThirdParty\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"GitHub\"),\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tOutputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"Owner\": pulumi.String(\"my-organization\"),\n\t\t\t\t\t\t\t\t\"Repo\": pulumi.String(\"test\"),\n\t\t\t\t\t\t\t\t\"Branch\": pulumi.String(\"master\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t\u0026codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CodeBuild\"),\n\t\t\t\t\t\t\tInputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ProjectName\": pulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twebhookSecret := \"super-secret\"\n\t\tbarWebhook, err := codepipeline.NewWebhook(ctx, \"barWebhook\", \u0026codepipeline.WebhookArgs{\n\t\t\tAuthentication: pulumi.String(\"GITHUB_HMAC\"),\n\t\t\tTargetAction: pulumi.String(\"Source\"),\n\t\t\tTargetPipeline: barPipeline.Name,\n\t\t\tAuthenticationConfiguration: \u0026codepipeline.WebhookAuthenticationConfigurationArgs{\n\t\t\t\tSecretToken: pulumi.String(webhookSecret),\n\t\t\t},\n\t\t\tFilters: codepipeline.WebhookFilterArray{\n\t\t\t\t\u0026codepipeline.WebhookFilterArgs{\n\t\t\t\t\tJsonPath: pulumi.String(\"$.ref\"),\n\t\t\t\t\tMatchEquals: pulumi.String(\"refs/heads/{Branch}\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = github.NewRepositoryWebhook(ctx, \"barRepositoryWebhook\", \u0026github.RepositoryWebhookArgs{\n\t\t\tRepository: pulumi.Any(github_repository.Repo.Name),\n\t\t\tConfiguration: \u0026github.RepositoryWebhookConfigurationArgs{\n\t\t\t\tUrl: barWebhook.Url,\n\t\t\t\tContentType: pulumi.String(\"json\"),\n\t\t\t\tInsecureSsl: pulumi.Bool(true),\n\t\t\t\tSecret: pulumi.String(webhookSecret),\n\t\t\t},\n\t\t\tEvents: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"push\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.codepipeline.Pipeline;\nimport com.pulumi.aws.codepipeline.PipelineArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineArtifactStoreArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineArtifactStoreEncryptionKeyArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineStageArgs;\nimport com.pulumi.aws.codepipeline.Webhook;\nimport com.pulumi.aws.codepipeline.WebhookArgs;\nimport com.pulumi.aws.codepipeline.inputs.WebhookAuthenticationConfigurationArgs;\nimport com.pulumi.aws.codepipeline.inputs.WebhookFilterArgs;\nimport com.pulumi.github.RepositoryWebhook;\nimport com.pulumi.github.RepositoryWebhookArgs;\nimport com.pulumi.github.inputs.RepositoryWebhookConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var barPipeline = new Pipeline(\"barPipeline\", PipelineArgs.builder() \n .roleArn(aws_iam_role.bar().arn())\n .artifactStores(PipelineArtifactStoreArgs.builder()\n .location(aws_s3_bucket.bar().bucket())\n .type(\"S3\")\n .encryptionKey(PipelineArtifactStoreEncryptionKeyArgs.builder()\n .id(data.aws_kms_alias().s3kmskey().arn())\n .type(\"KMS\")\n .build())\n .build())\n .stages( \n PipelineStageArgs.builder()\n .name(\"Source\")\n .actions(PipelineStageActionArgs.builder()\n .name(\"Source\")\n .category(\"Source\")\n .owner(\"ThirdParty\")\n .provider(\"GitHub\")\n .version(\"1\")\n .outputArtifacts(\"test\")\n .configuration(Map.ofEntries(\n Map.entry(\"Owner\", \"my-organization\"),\n Map.entry(\"Repo\", \"test\"),\n Map.entry(\"Branch\", \"master\")\n ))\n .build())\n .build(),\n PipelineStageArgs.builder()\n .name(\"Build\")\n .actions(PipelineStageActionArgs.builder()\n .name(\"Build\")\n .category(\"Build\")\n .owner(\"AWS\")\n .provider(\"CodeBuild\")\n .inputArtifacts(\"test\")\n .version(\"1\")\n .configuration(Map.of(\"ProjectName\", \"test\"))\n .build())\n .build())\n .build());\n\n final var webhookSecret = \"super-secret\";\n\n var barWebhook = new Webhook(\"barWebhook\", WebhookArgs.builder() \n .authentication(\"GITHUB_HMAC\")\n .targetAction(\"Source\")\n .targetPipeline(barPipeline.name())\n .authenticationConfiguration(WebhookAuthenticationConfigurationArgs.builder()\n .secretToken(webhookSecret)\n .build())\n .filters(WebhookFilterArgs.builder()\n .jsonPath(\"$.ref\")\n .matchEquals(\"refs/heads/{Branch}\")\n .build())\n .build());\n\n var barRepositoryWebhook = new RepositoryWebhook(\"barRepositoryWebhook\", RepositoryWebhookArgs.builder() \n .repository(github_repository.repo().name())\n .configuration(RepositoryWebhookConfigurationArgs.builder()\n .url(barWebhook.url())\n .contentType(\"json\")\n .insecureSsl(true)\n .secret(webhookSecret)\n .build())\n .events(\"push\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n barPipeline:\n type: aws:codepipeline:Pipeline\n properties:\n roleArn: ${aws_iam_role.bar.arn}\n artifactStores:\n - location: ${aws_s3_bucket.bar.bucket}\n type: S3\n encryptionKey:\n id: ${data.aws_kms_alias.s3kmskey.arn}\n type: KMS\n stages:\n - name: Source\n actions:\n - name: Source\n category: Source\n owner: ThirdParty\n provider: GitHub\n version: '1'\n outputArtifacts:\n - test\n configuration:\n Owner: my-organization\n Repo: test\n Branch: master\n - name: Build\n actions:\n - name: Build\n category: Build\n owner: AWS\n provider: CodeBuild\n inputArtifacts:\n - test\n version: '1'\n configuration:\n ProjectName: test\n barWebhook:\n type: aws:codepipeline:Webhook\n properties:\n authentication: GITHUB_HMAC\n targetAction: Source\n targetPipeline: ${barPipeline.name}\n authenticationConfiguration:\n secretToken: ${webhookSecret}\n filters:\n - jsonPath: $.ref\n matchEquals: refs/heads/{Branch}\n # Wire the CodePipeline webhook into a GitHub repository.\n barRepositoryWebhook:\n type: github:RepositoryWebhook\n properties:\n repository: ${github_repository.repo.name}\n configuration:\n url: ${barWebhook.url}\n contentType: json\n insecureSsl: true\n secret: ${webhookSecret}\n events:\n - push\nvariables:\n webhookSecret: super-secret\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import CodePipeline Webhooks using their ARN. For example:\n\n```sh\n $ pulumi import aws:codepipeline/webhook:Webhook example arn:aws:codepipeline:us-west-2:123456789012:webhook:example\n```\n ", + "description": "Provides a CodePipeline Webhook.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as github from \"@pulumi/github\";\n\nconst barPipeline = new aws.codepipeline.Pipeline(\"barPipeline\", {\n roleArn: aws_iam_role.bar.arn,\n artifactStores: [{\n location: aws_s3_bucket.bar.bucket,\n type: \"S3\",\n encryptionKey: {\n id: data.aws_kms_alias.s3kmskey.arn,\n type: \"KMS\",\n },\n }],\n stages: [\n {\n name: \"Source\",\n actions: [{\n name: \"Source\",\n category: \"Source\",\n owner: \"ThirdParty\",\n provider: \"GitHub\",\n version: \"1\",\n outputArtifacts: [\"test\"],\n configuration: {\n Owner: \"my-organization\",\n Repo: \"test\",\n Branch: \"master\",\n },\n }],\n },\n {\n name: \"Build\",\n actions: [{\n name: \"Build\",\n category: \"Build\",\n owner: \"AWS\",\n provider: \"CodeBuild\",\n inputArtifacts: [\"test\"],\n version: \"1\",\n configuration: {\n ProjectName: \"test\",\n },\n }],\n },\n ],\n});\nconst webhookSecret = \"super-secret\";\nconst barWebhook = new aws.codepipeline.Webhook(\"barWebhook\", {\n authentication: \"GITHUB_HMAC\",\n targetAction: \"Source\",\n targetPipeline: barPipeline.name,\n authenticationConfiguration: {\n secretToken: webhookSecret,\n },\n filters: [{\n jsonPath: \"$.ref\",\n matchEquals: \"refs/heads/{Branch}\",\n }],\n});\n// Wire the CodePipeline webhook into a GitHub repository.\nconst barRepositoryWebhook = new github.RepositoryWebhook(\"barRepositoryWebhook\", {\n repository: github_repository.repo.name,\n configuration: {\n url: barWebhook.url,\n contentType: \"json\",\n insecureSsl: true,\n secret: webhookSecret,\n },\n events: [\"push\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_github as github\n\nbar_pipeline = aws.codepipeline.Pipeline(\"barPipeline\",\n role_arn=aws_iam_role[\"bar\"][\"arn\"],\n artifact_stores=[aws.codepipeline.PipelineArtifactStoreArgs(\n location=aws_s3_bucket[\"bar\"][\"bucket\"],\n type=\"S3\",\n encryption_key=aws.codepipeline.PipelineArtifactStoreEncryptionKeyArgs(\n id=data[\"aws_kms_alias\"][\"s3kmskey\"][\"arn\"],\n type=\"KMS\",\n ),\n )],\n stages=[\n aws.codepipeline.PipelineStageArgs(\n name=\"Source\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Source\",\n category=\"Source\",\n owner=\"ThirdParty\",\n provider=\"GitHub\",\n version=\"1\",\n output_artifacts=[\"test\"],\n configuration={\n \"Owner\": \"my-organization\",\n \"Repo\": \"test\",\n \"Branch\": \"master\",\n },\n )],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Build\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Build\",\n category=\"Build\",\n owner=\"AWS\",\n provider=\"CodeBuild\",\n input_artifacts=[\"test\"],\n version=\"1\",\n configuration={\n \"ProjectName\": \"test\",\n },\n )],\n ),\n ])\nwebhook_secret = \"super-secret\"\nbar_webhook = aws.codepipeline.Webhook(\"barWebhook\",\n authentication=\"GITHUB_HMAC\",\n target_action=\"Source\",\n target_pipeline=bar_pipeline.name,\n authentication_configuration=aws.codepipeline.WebhookAuthenticationConfigurationArgs(\n secret_token=webhook_secret,\n ),\n filters=[aws.codepipeline.WebhookFilterArgs(\n json_path=\"$.ref\",\n match_equals=\"refs/heads/{Branch}\",\n )])\n# Wire the CodePipeline webhook into a GitHub repository.\nbar_repository_webhook = github.RepositoryWebhook(\"barRepositoryWebhook\",\n repository=github_repository[\"repo\"][\"name\"],\n configuration=github.RepositoryWebhookConfigurationArgs(\n url=bar_webhook.url,\n content_type=\"json\",\n insecure_ssl=True,\n secret=webhook_secret,\n ),\n events=[\"push\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Github = Pulumi.Github;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var barPipeline = new Aws.CodePipeline.Pipeline(\"barPipeline\", new()\n {\n RoleArn = aws_iam_role.Bar.Arn,\n ArtifactStores = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineArtifactStoreArgs\n {\n Location = aws_s3_bucket.Bar.Bucket,\n Type = \"S3\",\n EncryptionKey = new Aws.CodePipeline.Inputs.PipelineArtifactStoreEncryptionKeyArgs\n {\n Id = data.Aws_kms_alias.S3kmskey.Arn,\n Type = \"KMS\",\n },\n },\n },\n Stages = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Source\",\n Actions = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Source\",\n Category = \"Source\",\n Owner = \"ThirdParty\",\n Provider = \"GitHub\",\n Version = \"1\",\n OutputArtifacts = new[]\n {\n \"test\",\n },\n Configuration = \n {\n { \"Owner\", \"my-organization\" },\n { \"Repo\", \"test\" },\n { \"Branch\", \"master\" },\n },\n },\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Build\",\n Actions = new[]\n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Build\",\n Category = \"Build\",\n Owner = \"AWS\",\n Provider = \"CodeBuild\",\n InputArtifacts = new[]\n {\n \"test\",\n },\n Version = \"1\",\n Configuration = \n {\n { \"ProjectName\", \"test\" },\n },\n },\n },\n },\n },\n });\n\n var webhookSecret = \"super-secret\";\n\n var barWebhook = new Aws.CodePipeline.Webhook(\"barWebhook\", new()\n {\n Authentication = \"GITHUB_HMAC\",\n TargetAction = \"Source\",\n TargetPipeline = barPipeline.Name,\n AuthenticationConfiguration = new Aws.CodePipeline.Inputs.WebhookAuthenticationConfigurationArgs\n {\n SecretToken = webhookSecret,\n },\n Filters = new[]\n {\n new Aws.CodePipeline.Inputs.WebhookFilterArgs\n {\n JsonPath = \"$.ref\",\n MatchEquals = \"refs/heads/{Branch}\",\n },\n },\n });\n\n // Wire the CodePipeline webhook into a GitHub repository.\n var barRepositoryWebhook = new Github.RepositoryWebhook(\"barRepositoryWebhook\", new()\n {\n Repository = github_repository.Repo.Name,\n Configuration = new Github.Inputs.RepositoryWebhookConfigurationArgs\n {\n Url = barWebhook.Url,\n ContentType = \"json\",\n InsecureSsl = true,\n Secret = webhookSecret,\n },\n Events = new[]\n {\n \"push\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/codepipeline\"\n\t\"github.com/pulumi/pulumi-github/sdk/v5/go/github\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbarPipeline, err := codepipeline.NewPipeline(ctx, \"barPipeline\", \u0026codepipeline.PipelineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Bar.Arn),\n\t\t\tArtifactStores: codepipeline.PipelineArtifactStoreArray{\n\t\t\t\t\u0026codepipeline.PipelineArtifactStoreArgs{\n\t\t\t\t\tLocation: pulumi.Any(aws_s3_bucket.Bar.Bucket),\n\t\t\t\t\tType: pulumi.String(\"S3\"),\n\t\t\t\t\tEncryptionKey: \u0026codepipeline.PipelineArtifactStoreEncryptionKeyArgs{\n\t\t\t\t\t\tId: pulumi.Any(data.Aws_kms_alias.S3kmskey.Arn),\n\t\t\t\t\t\tType: pulumi.String(\"KMS\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tStages: codepipeline.PipelineStageArray{\n\t\t\t\t\u0026codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t\u0026codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"ThirdParty\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"GitHub\"),\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tOutputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"Owner\": pulumi.String(\"my-organization\"),\n\t\t\t\t\t\t\t\t\"Repo\": pulumi.String(\"test\"),\n\t\t\t\t\t\t\t\t\"Branch\": pulumi.String(\"master\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t\u0026codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CodeBuild\"),\n\t\t\t\t\t\t\tInputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ProjectName\": pulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twebhookSecret := \"super-secret\"\n\t\tbarWebhook, err := codepipeline.NewWebhook(ctx, \"barWebhook\", \u0026codepipeline.WebhookArgs{\n\t\t\tAuthentication: pulumi.String(\"GITHUB_HMAC\"),\n\t\t\tTargetAction: pulumi.String(\"Source\"),\n\t\t\tTargetPipeline: barPipeline.Name,\n\t\t\tAuthenticationConfiguration: \u0026codepipeline.WebhookAuthenticationConfigurationArgs{\n\t\t\t\tSecretToken: pulumi.String(webhookSecret),\n\t\t\t},\n\t\t\tFilters: codepipeline.WebhookFilterArray{\n\t\t\t\t\u0026codepipeline.WebhookFilterArgs{\n\t\t\t\t\tJsonPath: pulumi.String(\"$.ref\"),\n\t\t\t\t\tMatchEquals: pulumi.String(\"refs/heads/{Branch}\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Wire the CodePipeline webhook into a GitHub repository.\n\t\t_, err = github.NewRepositoryWebhook(ctx, \"barRepositoryWebhook\", \u0026github.RepositoryWebhookArgs{\n\t\t\tRepository: pulumi.Any(github_repository.Repo.Name),\n\t\t\tConfiguration: \u0026github.RepositoryWebhookConfigurationArgs{\n\t\t\t\tUrl: barWebhook.Url,\n\t\t\t\tContentType: pulumi.String(\"json\"),\n\t\t\t\tInsecureSsl: pulumi.Bool(true),\n\t\t\t\tSecret: pulumi.String(webhookSecret),\n\t\t\t},\n\t\t\tEvents: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"push\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.codepipeline.Pipeline;\nimport com.pulumi.aws.codepipeline.PipelineArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineArtifactStoreArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineArtifactStoreEncryptionKeyArgs;\nimport com.pulumi.aws.codepipeline.inputs.PipelineStageArgs;\nimport com.pulumi.aws.codepipeline.Webhook;\nimport com.pulumi.aws.codepipeline.WebhookArgs;\nimport com.pulumi.aws.codepipeline.inputs.WebhookAuthenticationConfigurationArgs;\nimport com.pulumi.aws.codepipeline.inputs.WebhookFilterArgs;\nimport com.pulumi.github.RepositoryWebhook;\nimport com.pulumi.github.RepositoryWebhookArgs;\nimport com.pulumi.github.inputs.RepositoryWebhookConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var barPipeline = new Pipeline(\"barPipeline\", PipelineArgs.builder() \n .roleArn(aws_iam_role.bar().arn())\n .artifactStores(PipelineArtifactStoreArgs.builder()\n .location(aws_s3_bucket.bar().bucket())\n .type(\"S3\")\n .encryptionKey(PipelineArtifactStoreEncryptionKeyArgs.builder()\n .id(data.aws_kms_alias().s3kmskey().arn())\n .type(\"KMS\")\n .build())\n .build())\n .stages( \n PipelineStageArgs.builder()\n .name(\"Source\")\n .actions(PipelineStageActionArgs.builder()\n .name(\"Source\")\n .category(\"Source\")\n .owner(\"ThirdParty\")\n .provider(\"GitHub\")\n .version(\"1\")\n .outputArtifacts(\"test\")\n .configuration(Map.ofEntries(\n Map.entry(\"Owner\", \"my-organization\"),\n Map.entry(\"Repo\", \"test\"),\n Map.entry(\"Branch\", \"master\")\n ))\n .build())\n .build(),\n PipelineStageArgs.builder()\n .name(\"Build\")\n .actions(PipelineStageActionArgs.builder()\n .name(\"Build\")\n .category(\"Build\")\n .owner(\"AWS\")\n .provider(\"CodeBuild\")\n .inputArtifacts(\"test\")\n .version(\"1\")\n .configuration(Map.of(\"ProjectName\", \"test\"))\n .build())\n .build())\n .build());\n\n final var webhookSecret = \"super-secret\";\n\n var barWebhook = new Webhook(\"barWebhook\", WebhookArgs.builder() \n .authentication(\"GITHUB_HMAC\")\n .targetAction(\"Source\")\n .targetPipeline(barPipeline.name())\n .authenticationConfiguration(WebhookAuthenticationConfigurationArgs.builder()\n .secretToken(webhookSecret)\n .build())\n .filters(WebhookFilterArgs.builder()\n .jsonPath(\"$.ref\")\n .matchEquals(\"refs/heads/{Branch}\")\n .build())\n .build());\n\n var barRepositoryWebhook = new RepositoryWebhook(\"barRepositoryWebhook\", RepositoryWebhookArgs.builder() \n .repository(github_repository.repo().name())\n .configuration(RepositoryWebhookConfigurationArgs.builder()\n .url(barWebhook.url())\n .contentType(\"json\")\n .insecureSsl(true)\n .secret(webhookSecret)\n .build())\n .events(\"push\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n barPipeline:\n type: aws:codepipeline:Pipeline\n properties:\n roleArn: ${aws_iam_role.bar.arn}\n artifactStores:\n - location: ${aws_s3_bucket.bar.bucket}\n type: S3\n encryptionKey:\n id: ${data.aws_kms_alias.s3kmskey.arn}\n type: KMS\n stages:\n - name: Source\n actions:\n - name: Source\n category: Source\n owner: ThirdParty\n provider: GitHub\n version: '1'\n outputArtifacts:\n - test\n configuration:\n Owner: my-organization\n Repo: test\n Branch: master\n - name: Build\n actions:\n - name: Build\n category: Build\n owner: AWS\n provider: CodeBuild\n inputArtifacts:\n - test\n version: '1'\n configuration:\n ProjectName: test\n barWebhook:\n type: aws:codepipeline:Webhook\n properties:\n authentication: GITHUB_HMAC\n targetAction: Source\n targetPipeline: ${barPipeline.name}\n authenticationConfiguration:\n secretToken: ${webhookSecret}\n filters:\n - jsonPath: $.ref\n matchEquals: refs/heads/{Branch}\n # Wire the CodePipeline webhook into a GitHub repository.\n barRepositoryWebhook:\n type: github:RepositoryWebhook\n properties:\n repository: ${github_repository.repo.name}\n configuration:\n url: ${barWebhook.url}\n contentType: json\n insecureSsl: true\n secret: ${webhookSecret}\n events:\n - push\nvariables:\n webhookSecret: super-secret\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import CodePipeline Webhooks using their ARN. For example:\n\n```sh\n $ pulumi import aws:codepipeline/webhook:Webhook example arn:aws:codepipeline:us-west-2:123456789012:webhook:example\n```\n ", "properties": { "arn": { "type": "string", @@ -186722,7 +186722,7 @@ } }, "aws:cognito/userPool:UserPool": { - "description": "Provides a Cognito User Pool resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Aws.Cognito.UserPool(\"pool\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new UserPool(\"pool\");\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: aws:cognito:UserPool\n```\n{{% /example %}}\n{{% example %}}\n### Enabling SMS and Software Token Multi-Factor Authentication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.cognito.UserPool(\"example\", {\n mfaConfiguration: \"ON\",\n smsAuthenticationMessage: \"Your code is {####}\",\n smsConfiguration: {\n externalId: \"example\",\n snsCallerArn: aws_iam_role.example.arn,\n snsRegion: \"us-east-1\",\n },\n softwareTokenMfaConfiguration: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.cognito.UserPool(\"example\",\n mfa_configuration=\"ON\",\n sms_authentication_message=\"Your code is {####}\",\n sms_configuration=aws.cognito.UserPoolSmsConfigurationArgs(\n external_id=\"example\",\n sns_caller_arn=aws_iam_role[\"example\"][\"arn\"],\n sns_region=\"us-east-1\",\n ),\n software_token_mfa_configuration=aws.cognito.UserPoolSoftwareTokenMfaConfigurationArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var example = new Aws.Cognito.UserPool(\"example\", new()\n {\n MfaConfiguration = \"ON\",\n SmsAuthenticationMessage = \"Your code is {####}\",\n SmsConfiguration = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs\n {\n ExternalId = \"example\",\n SnsCallerArn = aws_iam_role.Example.Arn,\n SnsRegion = \"us-east-1\",\n },\n SoftwareTokenMfaConfiguration = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cognito.NewUserPool(ctx, \"example\", \u0026cognito.UserPoolArgs{\n\t\t\tMfaConfiguration: pulumi.String(\"ON\"),\n\t\t\tSmsAuthenticationMessage: pulumi.String(\"Your code is {####}\"),\n\t\t\tSmsConfiguration: \u0026cognito.UserPoolSmsConfigurationArgs{\n\t\t\t\tExternalId: pulumi.String(\"example\"),\n\t\t\t\tSnsCallerArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t\tSnsRegion: pulumi.String(\"us-east-1\"),\n\t\t\t},\n\t\t\tSoftwareTokenMfaConfiguration: \u0026cognito.UserPoolSoftwareTokenMfaConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.inputs.UserPoolSmsConfigurationArgs;\nimport com.pulumi.aws.cognito.inputs.UserPoolSoftwareTokenMfaConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new UserPool(\"example\", UserPoolArgs.builder() \n .mfaConfiguration(\"ON\")\n .smsAuthenticationMessage(\"Your code is {####}\")\n .smsConfiguration(UserPoolSmsConfigurationArgs.builder()\n .externalId(\"example\")\n .snsCallerArn(aws_iam_role.example().arn())\n .snsRegion(\"us-east-1\")\n .build())\n .softwareTokenMfaConfiguration(UserPoolSoftwareTokenMfaConfigurationArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cognito:UserPool\n properties:\n mfaConfiguration: ON\n smsAuthenticationMessage: Your code is {####}\n smsConfiguration:\n externalId: example\n snsCallerArn: ${aws_iam_role.example.arn}\n snsRegion: us-east-1\n softwareTokenMfaConfiguration:\n enabled: true\n```\n{{% /example %}}\n{{% example %}}\n### Using Account Recovery Setting\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.cognito.UserPool(\"test\", {accountRecoverySetting: {\n recoveryMechanisms: [\n {\n name: \"verified_email\",\n priority: 1,\n },\n {\n name: \"verified_phone_number\",\n priority: 2,\n },\n ],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cognito.UserPool(\"test\", account_recovery_setting=aws.cognito.UserPoolAccountRecoverySettingArgs(\n recovery_mechanisms=[\n aws.cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs(\n name=\"verified_email\",\n priority=1,\n ),\n aws.cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs(\n name=\"verified_phone_number\",\n priority=2,\n ),\n ],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Cognito.UserPool(\"test\", new()\n {\n AccountRecoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs\n {\n RecoveryMechanisms = new[]\n {\n new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs\n {\n Name = \"verified_email\",\n Priority = 1,\n },\n new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs\n {\n Name = \"verified_phone_number\",\n Priority = 2,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cognito.NewUserPool(ctx, \"test\", \u0026cognito.UserPoolArgs{\n\t\t\tAccountRecoverySetting: \u0026cognito.UserPoolAccountRecoverySettingArgs{\n\t\t\t\tRecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{\n\t\t\t\t\t\u0026cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{\n\t\t\t\t\t\tName: pulumi.String(\"verified_email\"),\n\t\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{\n\t\t\t\t\t\tName: pulumi.String(\"verified_phone_number\"),\n\t\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.inputs.UserPoolAccountRecoverySettingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new UserPool(\"test\", UserPoolArgs.builder() \n .accountRecoverySetting(UserPoolAccountRecoverySettingArgs.builder()\n .recoveryMechanisms( \n UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()\n .name(\"verified_email\")\n .priority(1)\n .build(),\n UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()\n .name(\"verified_phone_number\")\n .priority(2)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:cognito:UserPool\n properties:\n accountRecoverySetting:\n recoveryMechanisms:\n - name: verified_email\n priority: 1\n - name: verified_phone_number\n priority: 2\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Cognito User Pools using the `id`. For example:\n\n```sh\n $ pulumi import aws:cognito/userPool:UserPool pool us-west-2_abc123\n```\n ", + "description": "Provides a Cognito User Pool resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pool = new Aws.Cognito.UserPool(\"pool\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var pool = new UserPool(\"pool\");\n\n }\n}\n```\n```yaml\nresources:\n pool:\n type: aws:cognito:UserPool\n```\n{{% /example %}}\n{{% example %}}\n### Enabling SMS and Software Token Multi-Factor Authentication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.cognito.UserPool(\"example\", {\n mfaConfiguration: \"ON\",\n smsAuthenticationMessage: \"Your code is {####}\",\n smsConfiguration: {\n externalId: \"example\",\n snsCallerArn: aws_iam_role.example.arn,\n snsRegion: \"us-east-1\",\n },\n softwareTokenMfaConfiguration: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.cognito.UserPool(\"example\",\n mfa_configuration=\"ON\",\n sms_authentication_message=\"Your code is {####}\",\n sms_configuration=aws.cognito.UserPoolSmsConfigurationArgs(\n external_id=\"example\",\n sns_caller_arn=aws_iam_role[\"example\"][\"arn\"],\n sns_region=\"us-east-1\",\n ),\n software_token_mfa_configuration=aws.cognito.UserPoolSoftwareTokenMfaConfigurationArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var example = new Aws.Cognito.UserPool(\"example\", new()\n {\n MfaConfiguration = \"ON\",\n SmsAuthenticationMessage = \"Your code is {####}\",\n SmsConfiguration = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs\n {\n ExternalId = \"example\",\n SnsCallerArn = aws_iam_role.Example.Arn,\n SnsRegion = \"us-east-1\",\n },\n SoftwareTokenMfaConfiguration = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\t_, err := cognito.NewUserPool(ctx, \"example\", \u0026cognito.UserPoolArgs{\n\t\t\tMfaConfiguration: pulumi.String(\"ON\"),\n\t\t\tSmsAuthenticationMessage: pulumi.String(\"Your code is {####}\"),\n\t\t\tSmsConfiguration: \u0026cognito.UserPoolSmsConfigurationArgs{\n\t\t\t\tExternalId: pulumi.String(\"example\"),\n\t\t\t\tSnsCallerArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t\tSnsRegion: pulumi.String(\"us-east-1\"),\n\t\t\t},\n\t\t\tSoftwareTokenMfaConfiguration: \u0026cognito.UserPoolSoftwareTokenMfaConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.inputs.UserPoolSmsConfigurationArgs;\nimport com.pulumi.aws.cognito.inputs.UserPoolSoftwareTokenMfaConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new UserPool(\"example\", UserPoolArgs.builder() \n .mfaConfiguration(\"ON\")\n .smsAuthenticationMessage(\"Your code is {####}\")\n .smsConfiguration(UserPoolSmsConfigurationArgs.builder()\n .externalId(\"example\")\n .snsCallerArn(aws_iam_role.example().arn())\n .snsRegion(\"us-east-1\")\n .build())\n .softwareTokenMfaConfiguration(UserPoolSoftwareTokenMfaConfigurationArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cognito:UserPool\n properties:\n mfaConfiguration: ON\n smsAuthenticationMessage: Your code is {####}\n smsConfiguration:\n externalId: example\n snsCallerArn: ${aws_iam_role.example.arn}\n snsRegion: us-east-1\n softwareTokenMfaConfiguration:\n enabled: true\n```\n{{% /example %}}\n{{% example %}}\n### Using Account Recovery Setting\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.cognito.UserPool(\"test\", {accountRecoverySetting: {\n recoveryMechanisms: [\n {\n name: \"verified_email\",\n priority: 1,\n },\n {\n name: \"verified_phone_number\",\n priority: 2,\n },\n ],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cognito.UserPool(\"test\", account_recovery_setting=aws.cognito.UserPoolAccountRecoverySettingArgs(\n recovery_mechanisms=[\n aws.cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs(\n name=\"verified_email\",\n priority=1,\n ),\n aws.cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs(\n name=\"verified_phone_number\",\n priority=2,\n ),\n ],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.Cognito.UserPool(\"test\", new()\n {\n AccountRecoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs\n {\n RecoveryMechanisms = new[]\n {\n new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs\n {\n Name = \"verified_email\",\n Priority = 1,\n },\n new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs\n {\n Name = \"verified_phone_number\",\n Priority = 2,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cognito.NewUserPool(ctx, \"test\", \u0026cognito.UserPoolArgs{\n\t\t\tAccountRecoverySetting: \u0026cognito.UserPoolAccountRecoverySettingArgs{\n\t\t\t\tRecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{\n\t\t\t\t\t\u0026cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{\n\t\t\t\t\t\tName: pulumi.String(\"verified_email\"),\n\t\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{\n\t\t\t\t\t\tName: pulumi.String(\"verified_phone_number\"),\n\t\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.UserPool;\nimport com.pulumi.aws.cognito.UserPoolArgs;\nimport com.pulumi.aws.cognito.inputs.UserPoolAccountRecoverySettingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new UserPool(\"test\", UserPoolArgs.builder() \n .accountRecoverySetting(UserPoolAccountRecoverySettingArgs.builder()\n .recoveryMechanisms( \n UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()\n .name(\"verified_email\")\n .priority(1)\n .build(),\n UserPoolAccountRecoverySettingRecoveryMechanismArgs.builder()\n .name(\"verified_phone_number\")\n .priority(2)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:cognito:UserPool\n properties:\n accountRecoverySetting:\n recoveryMechanisms:\n - name: verified_email\n priority: 1\n - name: verified_phone_number\n priority: 2\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Cognito User Pools using the `id`. For example:\n\n```sh\n $ pulumi import aws:cognito/userPool:UserPool pool us-west-2_abc123\n```\n ", "properties": { "accountRecoverySetting": { "$ref": "#/types/aws:cognito/UserPoolAccountRecoverySetting:UserPoolAccountRecoverySetting", @@ -197055,7 +197055,7 @@ } }, "aws:directconnect/hostedPrivateVirtualInterfaceAccepter:HostedPrivateVirtualInterfaceAccepter": { - "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted private virtual interface.\nThis resource accepts ownership of a private virtual interface created by another AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst accepterCallerIdentity = aws.getCallerIdentity({});\n// Accepter's side of the VIF.\nconst vpnGw = new aws.ec2.VpnGateway(\"vpnGw\", {}, {\n provider: aws.accepter,\n});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedPrivateVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepterCallerIdentity.then(accepterCallerIdentity =\u003e accepterCallerIdentity.accountId),\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n}, {\n dependsOn: [vpnGw],\n});\nconst accepterHostedPrivateVirtualInterfaceAccepter = new aws.directconnect.HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\", {\n virtualInterfaceId: creator.id,\n vpnGatewayId: vpnGw.id,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.Provider(\"accepter\")\n# Accepter's credentials.\naccepter_caller_identity = aws.get_caller_identity()\n# Accepter's side of the VIF.\nvpn_gw = aws.ec2.VpnGateway(\"vpnGw\", opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedPrivateVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter_caller_identity.account_id,\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n opts=pulumi.ResourceOptions(depends_on=[vpn_gw]))\naccepter_hosted_private_virtual_interface_accepter = aws.directconnect.HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\",\n virtual_interface_id=creator.id,\n vpn_gateway_id=vpn_gw.id,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = new Aws.Provider(\"accepter\");\n\n // Accepter's credentials.\n var accepterCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n // Accepter's side of the VIF.\n var vpnGw = new Aws.Ec2.VpnGateway(\"vpnGw\", new()\n {\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedPrivateVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepterCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n vpnGw,\n },\n });\n\n var accepterHostedPrivateVirtualInterfaceAccepter = new Aws.DirectConnect.HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\", new()\n {\n VirtualInterfaceId = creator.Id,\n VpnGatewayId = vpnGw.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccepterCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnGw, err := ec2.NewVpnGateway(ctx, \"vpnGw\", nil, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcreator, err := directconnect.NewHostedPrivateVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedPrivateVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: *pulumi.String(accepterCallerIdentity.AccountId),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpnGw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedPrivateVirtualInterfaceAccepter(ctx, \"accepterHostedPrivateVirtualInterfaceAccepter\", \u0026directconnect.HostedPrivateVirtualInterfaceAccepterArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tVpnGatewayId: vpnGw.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpnGateway;\nimport com.pulumi.aws.ec2.VpnGatewayArgs;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceArgs;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceAccepter;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceAccepterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var accepter = new Provider(\"accepter\");\n\n final var accepterCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var vpnGw = new VpnGateway(\"vpnGw\", VpnGatewayArgs.Empty, CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n var creator = new HostedPrivateVirtualInterface(\"creator\", HostedPrivateVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepterCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpnGw)\n .build());\n\n var accepterHostedPrivateVirtualInterfaceAccepter = new HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\", HostedPrivateVirtualInterfaceAccepterArgs.builder() \n .virtualInterfaceId(creator.id())\n .vpnGatewayId(vpnGw.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n accepter:\n type: pulumi:providers:aws\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedPrivateVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepterCallerIdentity.accountId}\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352\n options:\n dependson:\n - ${vpnGw}\n # Accepter's side of the VIF.\n vpnGw:\n type: aws:ec2:VpnGateway\n options:\n provider: ${aws.accepter}\n accepterHostedPrivateVirtualInterfaceAccepter:\n type: aws:directconnect:HostedPrivateVirtualInterfaceAccepter\n properties:\n virtualInterfaceId: ${creator.id}\n vpnGatewayId: ${vpnGw.id}\n tags:\n Side: Accepter\n options:\n provider: ${aws.accepter}\nvariables:\n accepterCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted private virtual interfaces using the VIF `id`. For example:\n\n```sh\n $ pulumi import aws:directconnect/hostedPrivateVirtualInterfaceAccepter:HostedPrivateVirtualInterfaceAccepter test dxvif-33cc44dd\n```\n ", + "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted private virtual interface.\nThis resource accepts ownership of a private virtual interface created by another AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst accepterCallerIdentity = aws.getCallerIdentity({});\n// Accepter's side of the VIF.\nconst vpnGw = new aws.ec2.VpnGateway(\"vpnGw\", {}, {\n provider: aws.accepter,\n});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedPrivateVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepterCallerIdentity.then(accepterCallerIdentity =\u003e accepterCallerIdentity.accountId),\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n}, {\n dependsOn: [vpnGw],\n});\nconst accepterHostedPrivateVirtualInterfaceAccepter = new aws.directconnect.HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\", {\n virtualInterfaceId: creator.id,\n vpnGatewayId: vpnGw.id,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.Provider(\"accepter\")\n# Accepter's credentials.\naccepter_caller_identity = aws.get_caller_identity()\n# Accepter's side of the VIF.\nvpn_gw = aws.ec2.VpnGateway(\"vpnGw\", opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedPrivateVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter_caller_identity.account_id,\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n opts=pulumi.ResourceOptions(depends_on=[vpn_gw]))\naccepter_hosted_private_virtual_interface_accepter = aws.directconnect.HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\",\n virtual_interface_id=creator.id,\n vpn_gateway_id=vpn_gw.id,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = new Aws.Provider(\"accepter\");\n\n // Accepter's credentials.\n var accepterCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n // Accepter's side of the VIF.\n var vpnGw = new Aws.Ec2.VpnGateway(\"vpnGw\", new()\n {\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedPrivateVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepterCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n vpnGw,\n },\n });\n\n var accepterHostedPrivateVirtualInterfaceAccepter = new Aws.DirectConnect.HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\", new()\n {\n VirtualInterfaceId = creator.Id,\n VpnGatewayId = vpnGw.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccepterCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the VIF.\n\t\tvpnGw, err := ec2.NewVpnGateway(ctx, \"vpnGw\", nil, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Creator's side of the VIF\n\t\tcreator, err := directconnect.NewHostedPrivateVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedPrivateVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: *pulumi.String(accepterCallerIdentity.AccountId),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpnGw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedPrivateVirtualInterfaceAccepter(ctx, \"accepterHostedPrivateVirtualInterfaceAccepter\", \u0026directconnect.HostedPrivateVirtualInterfaceAccepterArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tVpnGatewayId: vpnGw.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpnGateway;\nimport com.pulumi.aws.ec2.VpnGatewayArgs;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceArgs;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceAccepter;\nimport com.pulumi.aws.directconnect.HostedPrivateVirtualInterfaceAccepterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var accepter = new Provider(\"accepter\");\n\n final var accepterCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var vpnGw = new VpnGateway(\"vpnGw\", VpnGatewayArgs.Empty, CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n var creator = new HostedPrivateVirtualInterface(\"creator\", HostedPrivateVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepterCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .build(), CustomResourceOptions.builder()\n .dependsOn(vpnGw)\n .build());\n\n var accepterHostedPrivateVirtualInterfaceAccepter = new HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\", HostedPrivateVirtualInterfaceAccepterArgs.builder() \n .virtualInterfaceId(creator.id())\n .vpnGatewayId(vpnGw.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n accepter:\n type: pulumi:providers:aws\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedPrivateVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepterCallerIdentity.accountId}\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352\n options:\n dependson:\n - ${vpnGw}\n # Accepter's side of the VIF.\n vpnGw:\n type: aws:ec2:VpnGateway\n options:\n provider: ${aws.accepter}\n accepterHostedPrivateVirtualInterfaceAccepter:\n type: aws:directconnect:HostedPrivateVirtualInterfaceAccepter\n properties:\n virtualInterfaceId: ${creator.id}\n vpnGatewayId: ${vpnGw.id}\n tags:\n Side: Accepter\n options:\n provider: ${aws.accepter}\nvariables:\n accepterCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted private virtual interfaces using the VIF `id`. For example:\n\n```sh\n $ pulumi import aws:directconnect/hostedPrivateVirtualInterfaceAccepter:HostedPrivateVirtualInterfaceAccepter test dxvif-33cc44dd\n```\n ", "properties": { "arn": { "type": "string", @@ -197372,7 +197372,7 @@ } }, "aws:directconnect/hostedPublicVirtualInterfaceAccepter:HostedPublicVirtualInterfaceAccepter": { - "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted public virtual interface.\nThis resource accepts ownership of a public virtual interface created by another AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst accepterCallerIdentity = aws.getCallerIdentity({});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedPublicVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepterCallerIdentity.then(accepterCallerIdentity =\u003e accepterCallerIdentity.accountId),\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n customerAddress: \"175.45.176.1/30\",\n amazonAddress: \"175.45.176.2/30\",\n routeFilterPrefixes: [\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ],\n});\n// Accepter's side of the VIF.\nconst accepterHostedPublicVirtualInterfaceAccepter = new aws.directconnect.HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\", {\n virtualInterfaceId: creator.id,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.Provider(\"accepter\")\n# Accepter's credentials.\naccepter_caller_identity = aws.get_caller_identity()\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedPublicVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter_caller_identity.account_id,\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n customer_address=\"175.45.176.1/30\",\n amazon_address=\"175.45.176.2/30\",\n route_filter_prefixes=[\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ])\n# Accepter's side of the VIF.\naccepter_hosted_public_virtual_interface_accepter = aws.directconnect.HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\",\n virtual_interface_id=creator.id,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = new Aws.Provider(\"accepter\");\n\n // Accepter's credentials.\n var accepterCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedPublicVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepterCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n CustomerAddress = \"175.45.176.1/30\",\n AmazonAddress = \"175.45.176.2/30\",\n RouteFilterPrefixes = new[]\n {\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n },\n });\n\n // Accepter's side of the VIF.\n var accepterHostedPublicVirtualInterfaceAccepter = new Aws.DirectConnect.HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\", new()\n {\n VirtualInterfaceId = creator.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccepterCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcreator, err := directconnect.NewHostedPublicVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedPublicVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: *pulumi.String(accepterCallerIdentity.AccountId),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t\tCustomerAddress: pulumi.String(\"175.45.176.1/30\"),\n\t\t\tAmazonAddress: pulumi.String(\"175.45.176.2/30\"),\n\t\t\tRouteFilterPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"210.52.109.0/24\"),\n\t\t\t\tpulumi.String(\"175.45.176.0/22\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedPublicVirtualInterfaceAccepter(ctx, \"accepterHostedPublicVirtualInterfaceAccepter\", \u0026directconnect.HostedPublicVirtualInterfaceAccepterArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceArgs;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceAccepter;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceAccepterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var accepter = new Provider(\"accepter\");\n\n final var accepterCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var creator = new HostedPublicVirtualInterface(\"creator\", HostedPublicVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepterCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .customerAddress(\"175.45.176.1/30\")\n .amazonAddress(\"175.45.176.2/30\")\n .routeFilterPrefixes( \n \"210.52.109.0/24\",\n \"175.45.176.0/22\")\n .build());\n\n var accepterHostedPublicVirtualInterfaceAccepter = new HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\", HostedPublicVirtualInterfaceAccepterArgs.builder() \n .virtualInterfaceId(creator.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n accepter:\n type: pulumi:providers:aws\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedPublicVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepterCallerIdentity.accountId}\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352\n customerAddress: 175.45.176.1/30\n amazonAddress: 175.45.176.2/30\n routeFilterPrefixes:\n - 210.52.109.0/24\n - 175.45.176.0/22\n # Accepter's side of the VIF.\n accepterHostedPublicVirtualInterfaceAccepter:\n type: aws:directconnect:HostedPublicVirtualInterfaceAccepter\n properties:\n virtualInterfaceId: ${creator.id}\n tags:\n Side: Accepter\n options:\n provider: ${aws.accepter}\nvariables:\n accepterCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted public virtual interfaces using the VIF `id`. For example:\n\n```sh\n $ pulumi import aws:directconnect/hostedPublicVirtualInterfaceAccepter:HostedPublicVirtualInterfaceAccepter test dxvif-33cc44dd\n```\n ", + "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted public virtual interface.\nThis resource accepts ownership of a public virtual interface created by another AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst accepterCallerIdentity = aws.getCallerIdentity({});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedPublicVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepterCallerIdentity.then(accepterCallerIdentity =\u003e accepterCallerIdentity.accountId),\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n customerAddress: \"175.45.176.1/30\",\n amazonAddress: \"175.45.176.2/30\",\n routeFilterPrefixes: [\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ],\n});\n// Accepter's side of the VIF.\nconst accepterHostedPublicVirtualInterfaceAccepter = new aws.directconnect.HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\", {\n virtualInterfaceId: creator.id,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.Provider(\"accepter\")\n# Accepter's credentials.\naccepter_caller_identity = aws.get_caller_identity()\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedPublicVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter_caller_identity.account_id,\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n customer_address=\"175.45.176.1/30\",\n amazon_address=\"175.45.176.2/30\",\n route_filter_prefixes=[\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ])\n# Accepter's side of the VIF.\naccepter_hosted_public_virtual_interface_accepter = aws.directconnect.HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\",\n virtual_interface_id=creator.id,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = new Aws.Provider(\"accepter\");\n\n // Accepter's credentials.\n var accepterCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedPublicVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepterCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n CustomerAddress = \"175.45.176.1/30\",\n AmazonAddress = \"175.45.176.2/30\",\n RouteFilterPrefixes = new[]\n {\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n },\n });\n\n // Accepter's side of the VIF.\n var accepterHostedPublicVirtualInterfaceAccepter = new Aws.DirectConnect.HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\", new()\n {\n VirtualInterfaceId = creator.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccepterCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Creator's side of the VIF\n\t\tcreator, err := directconnect.NewHostedPublicVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedPublicVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: *pulumi.String(accepterCallerIdentity.AccountId),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t\tCustomerAddress: pulumi.String(\"175.45.176.1/30\"),\n\t\t\tAmazonAddress: pulumi.String(\"175.45.176.2/30\"),\n\t\t\tRouteFilterPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"210.52.109.0/24\"),\n\t\t\t\tpulumi.String(\"175.45.176.0/22\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the VIF.\n\t\t_, err = directconnect.NewHostedPublicVirtualInterfaceAccepter(ctx, \"accepterHostedPublicVirtualInterfaceAccepter\", \u0026directconnect.HostedPublicVirtualInterfaceAccepterArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceArgs;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceAccepter;\nimport com.pulumi.aws.directconnect.HostedPublicVirtualInterfaceAccepterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var accepter = new Provider(\"accepter\");\n\n final var accepterCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var creator = new HostedPublicVirtualInterface(\"creator\", HostedPublicVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepterCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .customerAddress(\"175.45.176.1/30\")\n .amazonAddress(\"175.45.176.2/30\")\n .routeFilterPrefixes( \n \"210.52.109.0/24\",\n \"175.45.176.0/22\")\n .build());\n\n var accepterHostedPublicVirtualInterfaceAccepter = new HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\", HostedPublicVirtualInterfaceAccepterArgs.builder() \n .virtualInterfaceId(creator.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n accepter:\n type: pulumi:providers:aws\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedPublicVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepterCallerIdentity.accountId}\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352\n customerAddress: 175.45.176.1/30\n amazonAddress: 175.45.176.2/30\n routeFilterPrefixes:\n - 210.52.109.0/24\n - 175.45.176.0/22\n # Accepter's side of the VIF.\n accepterHostedPublicVirtualInterfaceAccepter:\n type: aws:directconnect:HostedPublicVirtualInterfaceAccepter\n properties:\n virtualInterfaceId: ${creator.id}\n tags:\n Side: Accepter\n options:\n provider: ${aws.accepter}\nvariables:\n accepterCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted public virtual interfaces using the VIF `id`. For example:\n\n```sh\n $ pulumi import aws:directconnect/hostedPublicVirtualInterfaceAccepter:HostedPublicVirtualInterfaceAccepter test dxvif-33cc44dd\n```\n ", "properties": { "arn": { "type": "string", @@ -197659,7 +197659,7 @@ } }, "aws:directconnect/hostedTransitVirtualInterfaceAcceptor:HostedTransitVirtualInterfaceAcceptor": { - "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted transit virtual interface.\nThis resource accepts ownership of a transit virtual interface created by another AWS account.\n\n\u003e **NOTE:** AWS allows a Direct Connect hosted transit virtual interface to be deleted from either the allocator's or accepter's side. However, this provider only allows the Direct Connect hosted transit virtual interface to be deleted from the allocator's side by removing the corresponding `aws.directconnect.HostedTransitVirtualInterface` resource from your configuration. Removing a `aws.directconnect.HostedTransitVirtualInterfaceAcceptor` resource from your configuration will remove it from your statefile and management, **but will not delete the Direct Connect virtual interface.**\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst accepterCallerIdentity = aws.getCallerIdentity({});\n// Accepter's side of the VIF.\nconst example = new aws.directconnect.Gateway(\"example\", {amazonSideAsn: \"64512\"}, {\n provider: aws.accepter,\n});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedTransitVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepterCallerIdentity.then(accepterCallerIdentity =\u003e accepterCallerIdentity.accountId),\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n}, {\n dependsOn: [example],\n});\nconst accepterHostedTransitVirtualInterfaceAcceptor = new aws.directconnect.HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\", {\n virtualInterfaceId: creator.id,\n dxGatewayId: example.id,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.Provider(\"accepter\")\n# Accepter's credentials.\naccepter_caller_identity = aws.get_caller_identity()\n# Accepter's side of the VIF.\nexample = aws.directconnect.Gateway(\"example\", amazon_side_asn=\"64512\",\nopts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedTransitVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter_caller_identity.account_id,\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n opts=pulumi.ResourceOptions(depends_on=[example]))\naccepter_hosted_transit_virtual_interface_acceptor = aws.directconnect.HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\",\n virtual_interface_id=creator.id,\n dx_gateway_id=example.id,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = new Aws.Provider(\"accepter\");\n\n // Accepter's credentials.\n var accepterCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n // Accepter's side of the VIF.\n var example = new Aws.DirectConnect.Gateway(\"example\", new()\n {\n AmazonSideAsn = \"64512\",\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedTransitVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepterCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n example,\n },\n });\n\n var accepterHostedTransitVirtualInterfaceAcceptor = new Aws.DirectConnect.HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\", new()\n {\n VirtualInterfaceId = creator.Id,\n DxGatewayId = example.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccepterCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := directconnect.NewGateway(ctx, \"example\", \u0026directconnect.GatewayArgs{\n\t\t\tAmazonSideAsn: pulumi.String(\"64512\"),\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcreator, err := directconnect.NewHostedTransitVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedTransitVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: *pulumi.String(accepterCallerIdentity.AccountId),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedTransitVirtualInterfaceAcceptor(ctx, \"accepterHostedTransitVirtualInterfaceAcceptor\", \u0026directconnect.HostedTransitVirtualInterfaceAcceptorArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tDxGatewayId: example.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.directconnect.Gateway;\nimport com.pulumi.aws.directconnect.GatewayArgs;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceArgs;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceAcceptor;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceAcceptorArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var accepter = new Provider(\"accepter\");\n\n final var accepterCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .amazonSideAsn(64512)\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n var creator = new HostedTransitVirtualInterface(\"creator\", HostedTransitVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepterCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n var accepterHostedTransitVirtualInterfaceAcceptor = new HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\", HostedTransitVirtualInterfaceAcceptorArgs.builder() \n .virtualInterfaceId(creator.id())\n .dxGatewayId(example.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n accepter:\n type: pulumi:providers:aws\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedTransitVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepterCallerIdentity.accountId}\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352\n options:\n dependson:\n - ${example}\n # Accepter's side of the VIF.\n example:\n type: aws:directconnect:Gateway\n properties:\n amazonSideAsn: 64512\n options:\n provider: ${aws.accepter}\n accepterHostedTransitVirtualInterfaceAcceptor:\n type: aws:directconnect:HostedTransitVirtualInterfaceAcceptor\n properties:\n virtualInterfaceId: ${creator.id}\n dxGatewayId: ${example.id}\n tags:\n Side: Accepter\n options:\n provider: ${aws.accepter}\nvariables:\n accepterCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted transit virtual interfaces using the VIF `id`. For example:\n\n```sh\n $ pulumi import aws:directconnect/hostedTransitVirtualInterfaceAcceptor:HostedTransitVirtualInterfaceAcceptor test dxvif-33cc44dd\n```\n ", + "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted transit virtual interface.\nThis resource accepts ownership of a transit virtual interface created by another AWS account.\n\n\u003e **NOTE:** AWS allows a Direct Connect hosted transit virtual interface to be deleted from either the allocator's or accepter's side. However, this provider only allows the Direct Connect hosted transit virtual interface to be deleted from the allocator's side by removing the corresponding `aws.directconnect.HostedTransitVirtualInterface` resource from your configuration. Removing a `aws.directconnect.HostedTransitVirtualInterfaceAcceptor` resource from your configuration will remove it from your statefile and management, **but will not delete the Direct Connect virtual interface.**\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst accepterCallerIdentity = aws.getCallerIdentity({});\n// Accepter's side of the VIF.\nconst example = new aws.directconnect.Gateway(\"example\", {amazonSideAsn: \"64512\"}, {\n provider: aws.accepter,\n});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedTransitVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepterCallerIdentity.then(accepterCallerIdentity =\u003e accepterCallerIdentity.accountId),\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n}, {\n dependsOn: [example],\n});\nconst accepterHostedTransitVirtualInterfaceAcceptor = new aws.directconnect.HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\", {\n virtualInterfaceId: creator.id,\n dxGatewayId: example.id,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccepter = aws.Provider(\"accepter\")\n# Accepter's credentials.\naccepter_caller_identity = aws.get_caller_identity()\n# Accepter's side of the VIF.\nexample = aws.directconnect.Gateway(\"example\", amazon_side_asn=\"64512\",\nopts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedTransitVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter_caller_identity.account_id,\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n opts=pulumi.ResourceOptions(depends_on=[example]))\naccepter_hosted_transit_virtual_interface_acceptor = aws.directconnect.HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\",\n virtual_interface_id=creator.id,\n dx_gateway_id=example.id,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var accepter = new Aws.Provider(\"accepter\");\n\n // Accepter's credentials.\n var accepterCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n // Accepter's side of the VIF.\n var example = new Aws.DirectConnect.Gateway(\"example\", new()\n {\n AmazonSideAsn = \"64512\",\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedTransitVirtualInterface(\"creator\", new()\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepterCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n example,\n },\n });\n\n var accepterHostedTransitVirtualInterfaceAcceptor = new Aws.DirectConnect.HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\", new()\n {\n VirtualInterfaceId = creator.Id,\n DxGatewayId = example.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccepterCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the VIF.\n\t\texample, err := directconnect.NewGateway(ctx, \"example\", \u0026directconnect.GatewayArgs{\n\t\t\tAmazonSideAsn: pulumi.String(\"64512\"),\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Creator's side of the VIF\n\t\tcreator, err := directconnect.NewHostedTransitVirtualInterface(ctx, \"creator\", \u0026directconnect.HostedTransitVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: *pulumi.String(accepterCallerIdentity.AccountId),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedTransitVirtualInterfaceAcceptor(ctx, \"accepterHostedTransitVirtualInterfaceAcceptor\", \u0026directconnect.HostedTransitVirtualInterfaceAcceptorArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tDxGatewayId: example.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.directconnect.Gateway;\nimport com.pulumi.aws.directconnect.GatewayArgs;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterface;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceArgs;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceAcceptor;\nimport com.pulumi.aws.directconnect.HostedTransitVirtualInterfaceAcceptorArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var accepter = new Provider(\"accepter\");\n\n final var accepterCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var example = new Gateway(\"example\", GatewayArgs.builder() \n .amazonSideAsn(64512)\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n var creator = new HostedTransitVirtualInterface(\"creator\", HostedTransitVirtualInterfaceArgs.builder() \n .connectionId(\"dxcon-zzzzzzzz\")\n .ownerAccountId(accepterCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .vlan(4094)\n .addressFamily(\"ipv4\")\n .bgpAsn(65352)\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n var accepterHostedTransitVirtualInterfaceAcceptor = new HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\", HostedTransitVirtualInterfaceAcceptorArgs.builder() \n .virtualInterfaceId(creator.id())\n .dxGatewayId(example.id())\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n accepter:\n type: pulumi:providers:aws\n # Creator's side of the VIF\n creator:\n type: aws:directconnect:HostedTransitVirtualInterface\n properties:\n connectionId: dxcon-zzzzzzzz\n ownerAccountId: ${accepterCallerIdentity.accountId}\n vlan: 4094\n addressFamily: ipv4\n bgpAsn: 65352\n options:\n dependson:\n - ${example}\n # Accepter's side of the VIF.\n example:\n type: aws:directconnect:Gateway\n properties:\n amazonSideAsn: 64512\n options:\n provider: ${aws.accepter}\n accepterHostedTransitVirtualInterfaceAcceptor:\n type: aws:directconnect:HostedTransitVirtualInterfaceAcceptor\n properties:\n virtualInterfaceId: ${creator.id}\n dxGatewayId: ${example.id}\n tags:\n Side: Accepter\n options:\n provider: ${aws.accepter}\nvariables:\n accepterCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Direct Connect hosted transit virtual interfaces using the VIF `id`. For example:\n\n```sh\n $ pulumi import aws:directconnect/hostedTransitVirtualInterfaceAcceptor:HostedTransitVirtualInterfaceAcceptor test dxvif-33cc44dd\n```\n ", "properties": { "arn": { "type": "string", @@ -199910,7 +199910,7 @@ } }, "aws:dms/certificate:Certificate": { - "description": "Provides a DMS (Data Migration Service) certificate resource. DMS certificates can be created, deleted, and imported.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new certificate\nconst test = new aws.dms.Certificate(\"test\", {\n certificateId: \"test-dms-certificate-tf\",\n certificatePem: \"...\",\n tags: {\n Name: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new certificate\ntest = aws.dms.Certificate(\"test\",\n certificate_id=\"test-dms-certificate-tf\",\n certificate_pem=\"...\",\n tags={\n \"Name\": \"test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new certificate\n var test = new Aws.Dms.Certificate(\"test\", new()\n {\n CertificateId = \"test-dms-certificate-tf\",\n CertificatePem = \"...\",\n Tags = \n {\n { \"Name\", \"test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dms.NewCertificate(ctx, \"test\", \u0026dms.CertificateArgs{\n\t\t\tCertificateId: pulumi.String(\"test-dms-certificate-tf\"),\n\t\t\tCertificatePem: pulumi.String(\"...\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dms.Certificate;\nimport com.pulumi.aws.dms.CertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Certificate(\"test\", CertificateArgs.builder() \n .certificateId(\"test-dms-certificate-tf\")\n .certificatePem(\"...\")\n .tags(Map.of(\"Name\", \"test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new certificate\n test:\n type: aws:dms:Certificate\n properties:\n certificateId: test-dms-certificate-tf\n certificatePem: '...'\n tags:\n Name: test\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import certificates using the `certificate_id`. For example:\n\n```sh\n $ pulumi import aws:dms/certificate:Certificate test test-dms-certificate-tf\n```\n ", + "description": "Provides a DMS (Data Migration Service) certificate resource. DMS certificates can be created, deleted, and imported.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new certificate\nconst test = new aws.dms.Certificate(\"test\", {\n certificateId: \"test-dms-certificate-tf\",\n certificatePem: \"...\",\n tags: {\n Name: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new certificate\ntest = aws.dms.Certificate(\"test\",\n certificate_id=\"test-dms-certificate-tf\",\n certificate_pem=\"...\",\n tags={\n \"Name\": \"test\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new certificate\n var test = new Aws.Dms.Certificate(\"test\", new()\n {\n CertificateId = \"test-dms-certificate-tf\",\n CertificatePem = \"...\",\n Tags = \n {\n { \"Name\", \"test\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new certificate\n\t\t_, err := dms.NewCertificate(ctx, \"test\", \u0026dms.CertificateArgs{\n\t\t\tCertificateId: pulumi.String(\"test-dms-certificate-tf\"),\n\t\t\tCertificatePem: pulumi.String(\"...\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dms.Certificate;\nimport com.pulumi.aws.dms.CertificateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Certificate(\"test\", CertificateArgs.builder() \n .certificateId(\"test-dms-certificate-tf\")\n .certificatePem(\"...\")\n .tags(Map.of(\"Name\", \"test\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new certificate\n test:\n type: aws:dms:Certificate\n properties:\n certificateId: test-dms-certificate-tf\n certificatePem: '...'\n tags:\n Name: test\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import certificates using the `certificate_id`. For example:\n\n```sh\n $ pulumi import aws:dms/certificate:Certificate test test-dms-certificate-tf\n```\n ", "properties": { "certificateArn": { "type": "string", @@ -200026,7 +200026,7 @@ } }, "aws:dms/endpoint:Endpoint": { - "description": "Provides a DMS (Data Migration Service) endpoint resource. DMS endpoints can be created, updated, deleted, and imported.\n\n\u003e **Note:** All arguments including the password will be stored in the raw state as plain-text. \u003e **Note:** The `s3_settings` argument is deprecated, may not be maintained, and will be removed in a future version. Use the `aws.dms.S3Endpoint` resource instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new endpoint\nconst test = new aws.dms.Endpoint(\"test\", {\n certificateArn: \"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\",\n databaseName: \"test\",\n endpointId: \"test-dms-endpoint-tf\",\n endpointType: \"source\",\n engineName: \"aurora\",\n extraConnectionAttributes: \"\",\n kmsKeyArn: \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n password: \"test\",\n port: 3306,\n serverName: \"test\",\n sslMode: \"none\",\n tags: {\n Name: \"test\",\n },\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new endpoint\ntest = aws.dms.Endpoint(\"test\",\n certificate_arn=\"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\",\n database_name=\"test\",\n endpoint_id=\"test-dms-endpoint-tf\",\n endpoint_type=\"source\",\n engine_name=\"aurora\",\n extra_connection_attributes=\"\",\n kms_key_arn=\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n password=\"test\",\n port=3306,\n server_name=\"test\",\n ssl_mode=\"none\",\n tags={\n \"Name\": \"test\",\n },\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new endpoint\n var test = new Aws.Dms.Endpoint(\"test\", new()\n {\n CertificateArn = \"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\",\n DatabaseName = \"test\",\n EndpointId = \"test-dms-endpoint-tf\",\n EndpointType = \"source\",\n EngineName = \"aurora\",\n ExtraConnectionAttributes = \"\",\n KmsKeyArn = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n Password = \"test\",\n Port = 3306,\n ServerName = \"test\",\n SslMode = \"none\",\n Tags = \n {\n { \"Name\", \"test\" },\n },\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dms.NewEndpoint(ctx, \"test\", \u0026dms.EndpointArgs{\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tEndpointId: pulumi.String(\"test-dms-endpoint-tf\"),\n\t\t\tEndpointType: pulumi.String(\"source\"),\n\t\t\tEngineName: pulumi.String(\"aurora\"),\n\t\t\tExtraConnectionAttributes: pulumi.String(\"\"),\n\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"),\n\t\t\tPassword: pulumi.String(\"test\"),\n\t\t\tPort: pulumi.Int(3306),\n\t\t\tServerName: pulumi.String(\"test\"),\n\t\t\tSslMode: pulumi.String(\"none\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dms.Endpoint;\nimport com.pulumi.aws.dms.EndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Endpoint(\"test\", EndpointArgs.builder() \n .certificateArn(\"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\")\n .databaseName(\"test\")\n .endpointId(\"test-dms-endpoint-tf\")\n .endpointType(\"source\")\n .engineName(\"aurora\")\n .extraConnectionAttributes(\"\")\n .kmsKeyArn(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\")\n .password(\"test\")\n .port(3306)\n .serverName(\"test\")\n .sslMode(\"none\")\n .tags(Map.of(\"Name\", \"test\"))\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new endpoint\n test:\n type: aws:dms:Endpoint\n properties:\n certificateArn: arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\n databaseName: test\n endpointId: test-dms-endpoint-tf\n endpointType: source\n engineName: aurora\n extraConnectionAttributes:\n kmsKeyArn: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\n password: test\n port: 3306\n serverName: test\n sslMode: none\n tags:\n Name: test\n username: test\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import endpoints using the `endpoint_id`. For example:\n\n```sh\n $ pulumi import aws:dms/endpoint:Endpoint test test-dms-endpoint-tf\n```\n ", + "description": "Provides a DMS (Data Migration Service) endpoint resource. DMS endpoints can be created, updated, deleted, and imported.\n\n\u003e **Note:** All arguments including the password will be stored in the raw state as plain-text. \u003e **Note:** The `s3_settings` argument is deprecated, may not be maintained, and will be removed in a future version. Use the `aws.dms.S3Endpoint` resource instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new endpoint\nconst test = new aws.dms.Endpoint(\"test\", {\n certificateArn: \"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\",\n databaseName: \"test\",\n endpointId: \"test-dms-endpoint-tf\",\n endpointType: \"source\",\n engineName: \"aurora\",\n extraConnectionAttributes: \"\",\n kmsKeyArn: \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n password: \"test\",\n port: 3306,\n serverName: \"test\",\n sslMode: \"none\",\n tags: {\n Name: \"test\",\n },\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new endpoint\ntest = aws.dms.Endpoint(\"test\",\n certificate_arn=\"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\",\n database_name=\"test\",\n endpoint_id=\"test-dms-endpoint-tf\",\n endpoint_type=\"source\",\n engine_name=\"aurora\",\n extra_connection_attributes=\"\",\n kms_key_arn=\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n password=\"test\",\n port=3306,\n server_name=\"test\",\n ssl_mode=\"none\",\n tags={\n \"Name\": \"test\",\n },\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new endpoint\n var test = new Aws.Dms.Endpoint(\"test\", new()\n {\n CertificateArn = \"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\",\n DatabaseName = \"test\",\n EndpointId = \"test-dms-endpoint-tf\",\n EndpointType = \"source\",\n EngineName = \"aurora\",\n ExtraConnectionAttributes = \"\",\n KmsKeyArn = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n Password = \"test\",\n Port = 3306,\n ServerName = \"test\",\n SslMode = \"none\",\n Tags = \n {\n { \"Name\", \"test\" },\n },\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new endpoint\n\t\t_, err := dms.NewEndpoint(ctx, \"test\", \u0026dms.EndpointArgs{\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tEndpointId: pulumi.String(\"test-dms-endpoint-tf\"),\n\t\t\tEndpointType: pulumi.String(\"source\"),\n\t\t\tEngineName: pulumi.String(\"aurora\"),\n\t\t\tExtraConnectionAttributes: pulumi.String(\"\"),\n\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"),\n\t\t\tPassword: pulumi.String(\"test\"),\n\t\t\tPort: pulumi.Int(3306),\n\t\t\tServerName: pulumi.String(\"test\"),\n\t\t\tSslMode: pulumi.String(\"none\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dms.Endpoint;\nimport com.pulumi.aws.dms.EndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Endpoint(\"test\", EndpointArgs.builder() \n .certificateArn(\"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\")\n .databaseName(\"test\")\n .endpointId(\"test-dms-endpoint-tf\")\n .endpointType(\"source\")\n .engineName(\"aurora\")\n .extraConnectionAttributes(\"\")\n .kmsKeyArn(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\")\n .password(\"test\")\n .port(3306)\n .serverName(\"test\")\n .sslMode(\"none\")\n .tags(Map.of(\"Name\", \"test\"))\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new endpoint\n test:\n type: aws:dms:Endpoint\n properties:\n certificateArn: arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\n databaseName: test\n endpointId: test-dms-endpoint-tf\n endpointType: source\n engineName: aurora\n extraConnectionAttributes:\n kmsKeyArn: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\n password: test\n port: 3306\n serverName: test\n sslMode: none\n tags:\n Name: test\n username: test\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import endpoints using the `endpoint_id`. For example:\n\n```sh\n $ pulumi import aws:dms/endpoint:Endpoint test test-dms-endpoint-tf\n```\n ", "properties": { "certificateArn": { "type": "string", @@ -200765,7 +200765,7 @@ } }, "aws:dms/replicationInstance:ReplicationInstance": { - "description": "Provides a DMS (Data Migration Service) replication instance resource. DMS replication instances can be created, updated, deleted, and imported.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nCreate required roles and then create a DMS instance, setting the depends_on to the required role policy attachments.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dmsAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n identifiers: [\"dms.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst dms_access_for_endpoint = new aws.iam.Role(\"dms-access-for-endpoint\", {assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json)});\nconst dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new aws.iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n role: dms_access_for_endpoint.name,\n});\nconst dms_cloudwatch_logs_role = new aws.iam.Role(\"dms-cloudwatch-logs-role\", {assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json)});\nconst dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new aws.iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n role: dms_cloudwatch_logs_role.name,\n});\nconst dms_vpc_role = new aws.iam.Role(\"dms-vpc-role\", {assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json)});\nconst dms_vpc_role_AmazonDMSVPCManagementRole = new aws.iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n role: dms_vpc_role.name,\n});\n// Create a new replication instance\nconst test = new aws.dms.ReplicationInstance(\"test\", {\n allocatedStorage: 20,\n applyImmediately: true,\n autoMinorVersionUpgrade: true,\n availabilityZone: \"us-west-2c\",\n engineVersion: \"3.1.4\",\n kmsKeyArn: \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n multiAz: false,\n preferredMaintenanceWindow: \"sun:10:30-sun:14:30\",\n publiclyAccessible: true,\n replicationInstanceClass: \"dms.t2.micro\",\n replicationInstanceId: \"test-dms-replication-instance-tf\",\n replicationSubnetGroupId: aws_dms_replication_subnet_group[\"test-dms-replication-subnet-group-tf\"].id,\n tags: {\n Name: \"test\",\n },\n vpcSecurityGroupIds: [\"sg-12345678\"],\n}, {\n dependsOn: [\n dms_access_for_endpoint_AmazonDMSRedshiftS3Role,\n dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole,\n dms_vpc_role_AmazonDMSVPCManagementRole,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndms_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"dms.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\ndms_access_for_endpoint = aws.iam.Role(\"dms-access-for-endpoint\", assume_role_policy=dms_assume_role.json)\ndms_access_for_endpoint__amazon_dms_redshift_s3_role = aws.iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n role=dms_access_for_endpoint.name)\ndms_cloudwatch_logs_role = aws.iam.Role(\"dms-cloudwatch-logs-role\", assume_role_policy=dms_assume_role.json)\ndms_cloudwatch_logs_role__amazon_dms_cloud_watch_logs_role = aws.iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n role=dms_cloudwatch_logs_role.name)\ndms_vpc_role = aws.iam.Role(\"dms-vpc-role\", assume_role_policy=dms_assume_role.json)\ndms_vpc_role__amazon_dmsvpc_management_role = aws.iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n role=dms_vpc_role.name)\n# Create a new replication instance\ntest = aws.dms.ReplicationInstance(\"test\",\n allocated_storage=20,\n apply_immediately=True,\n auto_minor_version_upgrade=True,\n availability_zone=\"us-west-2c\",\n engine_version=\"3.1.4\",\n kms_key_arn=\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n multi_az=False,\n preferred_maintenance_window=\"sun:10:30-sun:14:30\",\n publicly_accessible=True,\n replication_instance_class=\"dms.t2.micro\",\n replication_instance_id=\"test-dms-replication-instance-tf\",\n replication_subnet_group_id=aws_dms_replication_subnet_group[\"test-dms-replication-subnet-group-tf\"][\"id\"],\n tags={\n \"Name\": \"test\",\n },\n vpc_security_group_ids=[\"sg-12345678\"],\n opts=pulumi.ResourceOptions(depends_on=[\n dms_access_for_endpoint__amazon_dms_redshift_s3_role,\n dms_cloudwatch_logs_role__amazon_dms_cloud_watch_logs_role,\n dms_vpc_role__amazon_dmsvpc_management_role,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dmsAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"dms.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var dms_access_for_endpoint = new Aws.Iam.Role(\"dms-access-for-endpoint\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new Aws.Iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n Role = dms_access_for_endpoint.Name,\n });\n\n var dms_cloudwatch_logs_role = new Aws.Iam.Role(\"dms-cloudwatch-logs-role\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new Aws.Iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n Role = dms_cloudwatch_logs_role.Name,\n });\n\n var dms_vpc_role = new Aws.Iam.Role(\"dms-vpc-role\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var dms_vpc_role_AmazonDMSVPCManagementRole = new Aws.Iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n Role = dms_vpc_role.Name,\n });\n\n // Create a new replication instance\n var test = new Aws.Dms.ReplicationInstance(\"test\", new()\n {\n AllocatedStorage = 20,\n ApplyImmediately = true,\n AutoMinorVersionUpgrade = true,\n AvailabilityZone = \"us-west-2c\",\n EngineVersion = \"3.1.4\",\n KmsKeyArn = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n MultiAz = false,\n PreferredMaintenanceWindow = \"sun:10:30-sun:14:30\",\n PubliclyAccessible = true,\n ReplicationInstanceClass = \"dms.t2.micro\",\n ReplicationInstanceId = \"test-dms-replication-instance-tf\",\n ReplicationSubnetGroupId = aws_dms_replication_subnet_group.Test_dms_replication_subnet_group_tf.Id,\n Tags = \n {\n { \"Name\", \"test\" },\n },\n VpcSecurityGroupIds = new[]\n {\n \"sg-12345678\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n dms_access_for_endpoint_AmazonDMSRedshiftS3Role,\n dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole,\n dms_vpc_role_AmazonDMSVPCManagementRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdmsAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"dms.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-access-for-endpoint\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\"),\n\t\t\tRole: dms_access_for_endpoint.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-cloudwatch-logs-role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\"),\n\t\t\tRole: dms_cloudwatch_logs_role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-vpc-role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-vpc-role-AmazonDMSVPCManagementRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\"),\n\t\t\tRole: dms_vpc_role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dms.NewReplicationInstance(ctx, \"test\", \u0026dms.ReplicationInstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(20),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(true),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2c\"),\n\t\t\tEngineVersion: pulumi.String(\"3.1.4\"),\n\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPreferredMaintenanceWindow: pulumi.String(\"sun:10:30-sun:14:30\"),\n\t\t\tPubliclyAccessible: pulumi.Bool(true),\n\t\t\tReplicationInstanceClass: pulumi.String(\"dms.t2.micro\"),\n\t\t\tReplicationInstanceId: pulumi.String(\"test-dms-replication-instance-tf\"),\n\t\t\tReplicationSubnetGroupId: pulumi.Any(aws_dms_replication_subnet_group.TestDmsReplicationSubnetGroupTf.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"sg-12345678\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdms_access_for_endpoint_AmazonDMSRedshiftS3Role,\n\t\t\tdms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole,\n\t\t\tdms_vpc_role_AmazonDMSVPCManagementRole,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.dms.ReplicationInstance;\nimport com.pulumi.aws.dms.ReplicationInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var dmsAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"dms.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var dms_access_for_endpoint = new Role(\"dms-access-for-endpoint\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\")\n .role(dms_access_for_endpoint.name())\n .build());\n\n var dms_cloudwatch_logs_role = new Role(\"dms-cloudwatch-logs-role\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\")\n .role(dms_cloudwatch_logs_role.name())\n .build());\n\n var dms_vpc_role = new Role(\"dms-vpc-role\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var dms_vpc_role_AmazonDMSVPCManagementRole = new RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\")\n .role(dms_vpc_role.name())\n .build());\n\n var test = new ReplicationInstance(\"test\", ReplicationInstanceArgs.builder() \n .allocatedStorage(20)\n .applyImmediately(true)\n .autoMinorVersionUpgrade(true)\n .availabilityZone(\"us-west-2c\")\n .engineVersion(\"3.1.4\")\n .kmsKeyArn(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\")\n .multiAz(false)\n .preferredMaintenanceWindow(\"sun:10:30-sun:14:30\")\n .publiclyAccessible(true)\n .replicationInstanceClass(\"dms.t2.micro\")\n .replicationInstanceId(\"test-dms-replication-instance-tf\")\n .replicationSubnetGroupId(aws_dms_replication_subnet_group.test-dms-replication-subnet-group-tf().id())\n .tags(Map.of(\"Name\", \"test\"))\n .vpcSecurityGroupIds(\"sg-12345678\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n dms_access_for_endpoint_AmazonDMSRedshiftS3Role,\n dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole,\n dms_vpc_role_AmazonDMSVPCManagementRole)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dms-access-for-endpoint:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n dms-access-for-endpoint-AmazonDMSRedshiftS3Role:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\n role: ${[\"dms-access-for-endpoint\"].name}\n dms-cloudwatch-logs-role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\n role: ${[\"dms-cloudwatch-logs-role\"].name}\n dms-vpc-role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n dms-vpc-role-AmazonDMSVPCManagementRole:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\n role: ${[\"dms-vpc-role\"].name}\n # Create a new replication instance\n test:\n type: aws:dms:ReplicationInstance\n properties:\n allocatedStorage: 20\n applyImmediately: true\n autoMinorVersionUpgrade: true\n availabilityZone: us-west-2c\n engineVersion: 3.1.4\n kmsKeyArn: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\n multiAz: false\n preferredMaintenanceWindow: sun:10:30-sun:14:30\n publiclyAccessible: true\n replicationInstanceClass: dms.t2.micro\n replicationInstanceId: test-dms-replication-instance-tf\n replicationSubnetGroupId: ${aws_dms_replication_subnet_group\"test-dms-replication-subnet-group-tf\"[%!s(MISSING)].id}\n tags:\n Name: test\n vpcSecurityGroupIds:\n - sg-12345678\n options:\n dependson:\n - ${[\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\"]}\n - ${[\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\"]}\n - ${[\"dms-vpc-role-AmazonDMSVPCManagementRole\"]}\nvariables:\n dmsAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - identifiers:\n - dms.amazonaws.com\n type: Service\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import replication instances using the `replication_instance_id`. For example:\n\n```sh\n $ pulumi import aws:dms/replicationInstance:ReplicationInstance test test-dms-replication-instance-tf\n```\n ", + "description": "Provides a DMS (Data Migration Service) replication instance resource. DMS replication instances can be created, updated, deleted, and imported.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nCreate required roles and then create a DMS instance, setting the depends_on to the required role policy attachments.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dmsAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n identifiers: [\"dms.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst dms_access_for_endpoint = new aws.iam.Role(\"dms-access-for-endpoint\", {assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json)});\nconst dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new aws.iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n role: dms_access_for_endpoint.name,\n});\nconst dms_cloudwatch_logs_role = new aws.iam.Role(\"dms-cloudwatch-logs-role\", {assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json)});\nconst dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new aws.iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n role: dms_cloudwatch_logs_role.name,\n});\nconst dms_vpc_role = new aws.iam.Role(\"dms-vpc-role\", {assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole =\u003e dmsAssumeRole.json)});\nconst dms_vpc_role_AmazonDMSVPCManagementRole = new aws.iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n role: dms_vpc_role.name,\n});\n// Create a new replication instance\nconst test = new aws.dms.ReplicationInstance(\"test\", {\n allocatedStorage: 20,\n applyImmediately: true,\n autoMinorVersionUpgrade: true,\n availabilityZone: \"us-west-2c\",\n engineVersion: \"3.1.4\",\n kmsKeyArn: \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n multiAz: false,\n preferredMaintenanceWindow: \"sun:10:30-sun:14:30\",\n publiclyAccessible: true,\n replicationInstanceClass: \"dms.t2.micro\",\n replicationInstanceId: \"test-dms-replication-instance-tf\",\n replicationSubnetGroupId: aws_dms_replication_subnet_group[\"test-dms-replication-subnet-group-tf\"].id,\n tags: {\n Name: \"test\",\n },\n vpcSecurityGroupIds: [\"sg-12345678\"],\n}, {\n dependsOn: [\n dms_access_for_endpoint_AmazonDMSRedshiftS3Role,\n dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole,\n dms_vpc_role_AmazonDMSVPCManagementRole,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndms_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"dms.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\ndms_access_for_endpoint = aws.iam.Role(\"dms-access-for-endpoint\", assume_role_policy=dms_assume_role.json)\ndms_access_for_endpoint__amazon_dms_redshift_s3_role = aws.iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n role=dms_access_for_endpoint.name)\ndms_cloudwatch_logs_role = aws.iam.Role(\"dms-cloudwatch-logs-role\", assume_role_policy=dms_assume_role.json)\ndms_cloudwatch_logs_role__amazon_dms_cloud_watch_logs_role = aws.iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n role=dms_cloudwatch_logs_role.name)\ndms_vpc_role = aws.iam.Role(\"dms-vpc-role\", assume_role_policy=dms_assume_role.json)\ndms_vpc_role__amazon_dmsvpc_management_role = aws.iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n role=dms_vpc_role.name)\n# Create a new replication instance\ntest = aws.dms.ReplicationInstance(\"test\",\n allocated_storage=20,\n apply_immediately=True,\n auto_minor_version_upgrade=True,\n availability_zone=\"us-west-2c\",\n engine_version=\"3.1.4\",\n kms_key_arn=\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n multi_az=False,\n preferred_maintenance_window=\"sun:10:30-sun:14:30\",\n publicly_accessible=True,\n replication_instance_class=\"dms.t2.micro\",\n replication_instance_id=\"test-dms-replication-instance-tf\",\n replication_subnet_group_id=aws_dms_replication_subnet_group[\"test-dms-replication-subnet-group-tf\"][\"id\"],\n tags={\n \"Name\": \"test\",\n },\n vpc_security_group_ids=[\"sg-12345678\"],\n opts=pulumi.ResourceOptions(depends_on=[\n dms_access_for_endpoint__amazon_dms_redshift_s3_role,\n dms_cloudwatch_logs_role__amazon_dms_cloud_watch_logs_role,\n dms_vpc_role__amazon_dmsvpc_management_role,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dmsAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"dms.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var dms_access_for_endpoint = new Aws.Iam.Role(\"dms-access-for-endpoint\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new Aws.Iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n Role = dms_access_for_endpoint.Name,\n });\n\n var dms_cloudwatch_logs_role = new Aws.Iam.Role(\"dms-cloudwatch-logs-role\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new Aws.Iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n Role = dms_cloudwatch_logs_role.Name,\n });\n\n var dms_vpc_role = new Aws.Iam.Role(\"dms-vpc-role\", new()\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var dms_vpc_role_AmazonDMSVPCManagementRole = new Aws.Iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n Role = dms_vpc_role.Name,\n });\n\n // Create a new replication instance\n var test = new Aws.Dms.ReplicationInstance(\"test\", new()\n {\n AllocatedStorage = 20,\n ApplyImmediately = true,\n AutoMinorVersionUpgrade = true,\n AvailabilityZone = \"us-west-2c\",\n EngineVersion = \"3.1.4\",\n KmsKeyArn = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n MultiAz = false,\n PreferredMaintenanceWindow = \"sun:10:30-sun:14:30\",\n PubliclyAccessible = true,\n ReplicationInstanceClass = \"dms.t2.micro\",\n ReplicationInstanceId = \"test-dms-replication-instance-tf\",\n ReplicationSubnetGroupId = aws_dms_replication_subnet_group.Test_dms_replication_subnet_group_tf.Id,\n Tags = \n {\n { \"Name\", \"test\" },\n },\n VpcSecurityGroupIds = new[]\n {\n \"sg-12345678\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n dms_access_for_endpoint_AmazonDMSRedshiftS3Role,\n dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole,\n dms_vpc_role_AmazonDMSVPCManagementRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdmsAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"dms.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-access-for-endpoint\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\"),\n\t\t\tRole: dms_access_for_endpoint.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-cloudwatch-logs-role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\"),\n\t\t\tRole: dms_cloudwatch_logs_role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms-vpc-role\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(dmsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms-vpc-role-AmazonDMSVPCManagementRole\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\"),\n\t\t\tRole: dms_vpc_role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a new replication instance\n\t\t_, err = dms.NewReplicationInstance(ctx, \"test\", \u0026dms.ReplicationInstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(20),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(true),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2c\"),\n\t\t\tEngineVersion: pulumi.String(\"3.1.4\"),\n\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPreferredMaintenanceWindow: pulumi.String(\"sun:10:30-sun:14:30\"),\n\t\t\tPubliclyAccessible: pulumi.Bool(true),\n\t\t\tReplicationInstanceClass: pulumi.String(\"dms.t2.micro\"),\n\t\t\tReplicationInstanceId: pulumi.String(\"test-dms-replication-instance-tf\"),\n\t\t\tReplicationSubnetGroupId: pulumi.Any(aws_dms_replication_subnet_group.TestDmsReplicationSubnetGroupTf.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"sg-12345678\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tdms_access_for_endpoint_AmazonDMSRedshiftS3Role,\n\t\t\tdms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole,\n\t\t\tdms_vpc_role_AmazonDMSVPCManagementRole,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.dms.ReplicationInstance;\nimport com.pulumi.aws.dms.ReplicationInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var dmsAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"dms.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var dms_access_for_endpoint = new Role(\"dms-access-for-endpoint\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\")\n .role(dms_access_for_endpoint.name())\n .build());\n\n var dms_cloudwatch_logs_role = new Role(\"dms-cloudwatch-logs-role\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\")\n .role(dms_cloudwatch_logs_role.name())\n .build());\n\n var dms_vpc_role = new Role(\"dms-vpc-role\", RoleArgs.builder() \n .assumeRolePolicy(dmsAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var dms_vpc_role_AmazonDMSVPCManagementRole = new RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\")\n .role(dms_vpc_role.name())\n .build());\n\n var test = new ReplicationInstance(\"test\", ReplicationInstanceArgs.builder() \n .allocatedStorage(20)\n .applyImmediately(true)\n .autoMinorVersionUpgrade(true)\n .availabilityZone(\"us-west-2c\")\n .engineVersion(\"3.1.4\")\n .kmsKeyArn(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\")\n .multiAz(false)\n .preferredMaintenanceWindow(\"sun:10:30-sun:14:30\")\n .publiclyAccessible(true)\n .replicationInstanceClass(\"dms.t2.micro\")\n .replicationInstanceId(\"test-dms-replication-instance-tf\")\n .replicationSubnetGroupId(aws_dms_replication_subnet_group.test-dms-replication-subnet-group-tf().id())\n .tags(Map.of(\"Name\", \"test\"))\n .vpcSecurityGroupIds(\"sg-12345678\")\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n dms_access_for_endpoint_AmazonDMSRedshiftS3Role,\n dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole,\n dms_vpc_role_AmazonDMSVPCManagementRole)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dms-access-for-endpoint:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n dms-access-for-endpoint-AmazonDMSRedshiftS3Role:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\n role: ${[\"dms-access-for-endpoint\"].name}\n dms-cloudwatch-logs-role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\n role: ${[\"dms-cloudwatch-logs-role\"].name}\n dms-vpc-role:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${dmsAssumeRole.json}\n dms-vpc-role-AmazonDMSVPCManagementRole:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\n role: ${[\"dms-vpc-role\"].name}\n # Create a new replication instance\n test:\n type: aws:dms:ReplicationInstance\n properties:\n allocatedStorage: 20\n applyImmediately: true\n autoMinorVersionUpgrade: true\n availabilityZone: us-west-2c\n engineVersion: 3.1.4\n kmsKeyArn: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\n multiAz: false\n preferredMaintenanceWindow: sun:10:30-sun:14:30\n publiclyAccessible: true\n replicationInstanceClass: dms.t2.micro\n replicationInstanceId: test-dms-replication-instance-tf\n replicationSubnetGroupId: ${aws_dms_replication_subnet_group\"test-dms-replication-subnet-group-tf\"[%!s(MISSING)].id}\n tags:\n Name: test\n vpcSecurityGroupIds:\n - sg-12345678\n options:\n dependson:\n - ${[\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\"]}\n - ${[\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\"]}\n - ${[\"dms-vpc-role-AmazonDMSVPCManagementRole\"]}\nvariables:\n dmsAssumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - identifiers:\n - dms.amazonaws.com\n type: Service\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import replication instances using the `replication_instance_id`. For example:\n\n```sh\n $ pulumi import aws:dms/replicationInstance:ReplicationInstance test test-dms-replication-instance-tf\n```\n ", "properties": { "allocatedStorage": { "type": "integer", @@ -201075,7 +201075,7 @@ } }, "aws:dms/replicationSubnetGroup:ReplicationSubnetGroup": { - "description": "Provides a DMS (Data Migration Service) replication subnet group resource. DMS replication subnet groups can be created, updated, deleted, and imported.\n\n\u003e **Note:** AWS requires a special IAM role called `dms-vpc-role` when using this resource. See the example below to create it as part of your configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new replication subnet group\nconst example = new aws.dms.ReplicationSubnetGroup(\"example\", {\n replicationSubnetGroupDescription: \"Example replication subnet group\",\n replicationSubnetGroupId: \"example-dms-replication-subnet-group-tf\",\n subnetIds: [\n \"subnet-12345678\",\n \"subnet-12345679\",\n ],\n tags: {\n Name: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new replication subnet group\nexample = aws.dms.ReplicationSubnetGroup(\"example\",\n replication_subnet_group_description=\"Example replication subnet group\",\n replication_subnet_group_id=\"example-dms-replication-subnet-group-tf\",\n subnet_ids=[\n \"subnet-12345678\",\n \"subnet-12345679\",\n ],\n tags={\n \"Name\": \"example\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new replication subnet group\n var example = new Aws.Dms.ReplicationSubnetGroup(\"example\", new()\n {\n ReplicationSubnetGroupDescription = \"Example replication subnet group\",\n ReplicationSubnetGroupId = \"example-dms-replication-subnet-group-tf\",\n SubnetIds = new[]\n {\n \"subnet-12345678\",\n \"subnet-12345679\",\n },\n Tags = \n {\n { \"Name\", \"example\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dms.NewReplicationSubnetGroup(ctx, \"example\", \u0026dms.ReplicationSubnetGroupArgs{\n\t\t\tReplicationSubnetGroupDescription: pulumi.String(\"Example replication subnet group\"),\n\t\t\tReplicationSubnetGroupId: pulumi.String(\"example-dms-replication-subnet-group-tf\"),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"subnet-12345678\"),\n\t\t\t\tpulumi.String(\"subnet-12345679\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dms.ReplicationSubnetGroup;\nimport com.pulumi.aws.dms.ReplicationSubnetGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ReplicationSubnetGroup(\"example\", ReplicationSubnetGroupArgs.builder() \n .replicationSubnetGroupDescription(\"Example replication subnet group\")\n .replicationSubnetGroupId(\"example-dms-replication-subnet-group-tf\")\n .subnetIds( \n \"subnet-12345678\",\n \"subnet-12345679\")\n .tags(Map.of(\"Name\", \"example\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new replication subnet group\n example:\n type: aws:dms:ReplicationSubnetGroup\n properties:\n replicationSubnetGroupDescription: Example replication subnet group\n replicationSubnetGroupId: example-dms-replication-subnet-group-tf\n subnetIds:\n - subnet-12345678\n - subnet-12345679\n tags:\n Name: example\n```\n{{% /example %}}\n{{% example %}}\n### Creating special IAM role\n\nIf your account does not already include the `dms-vpc-role` IAM role, you will need to create it to allow DMS to manage subnets in the VPC.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dms_vpc_role = new aws.iam.Role(\"dms-vpc-role\", {\n description: \"Allows DMS to manage VPC\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Effect: \"Allow\",\n Principal: {\n Service: \"dms.amazonaws.com\",\n },\n Action: \"sts:AssumeRole\",\n }],\n }),\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", {\n role: dms_vpc_role.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n});\nconst exampleReplicationSubnetGroup = new aws.dms.ReplicationSubnetGroup(\"exampleReplicationSubnetGroup\", {\n replicationSubnetGroupDescription: \"Example\",\n replicationSubnetGroupId: \"example-id\",\n subnetIds: [\n \"subnet-12345678\",\n \"subnet-12345679\",\n ],\n tags: {\n Name: \"example-id\",\n },\n}, {\n dependsOn: [exampleRolePolicyAttachment],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ndms_vpc_role = aws.iam.Role(\"dms-vpc-role\",\n description=\"Allows DMS to manage VPC\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"dms.amazonaws.com\",\n },\n \"Action\": \"sts:AssumeRole\",\n }],\n }))\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\",\n role=dms_vpc_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\")\nexample_replication_subnet_group = aws.dms.ReplicationSubnetGroup(\"exampleReplicationSubnetGroup\",\n replication_subnet_group_description=\"Example\",\n replication_subnet_group_id=\"example-id\",\n subnet_ids=[\n \"subnet-12345678\",\n \"subnet-12345679\",\n ],\n tags={\n \"Name\": \"example-id\",\n },\n opts=pulumi.ResourceOptions(depends_on=[example_role_policy_attachment]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dms_vpc_role = new Aws.Iam.Role(\"dms-vpc-role\", new()\n {\n Description = \"Allows DMS to manage VPC\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"dms.amazonaws.com\",\n },\n [\"Action\"] = \"sts:AssumeRole\",\n },\n },\n }),\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", new()\n {\n Role = dms_vpc_role.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n });\n\n var exampleReplicationSubnetGroup = new Aws.Dms.ReplicationSubnetGroup(\"exampleReplicationSubnetGroup\", new()\n {\n ReplicationSubnetGroupDescription = \"Example\",\n ReplicationSubnetGroupId = \"example-id\",\n SubnetIds = new[]\n {\n \"subnet-12345678\",\n \"subnet-12345679\",\n },\n Tags = \n {\n { \"Name\", \"example-id\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleRolePolicyAttachment,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"dms.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"dms-vpc-role\", \u0026iam.RoleArgs{\n\t\t\tDescription: pulumi.String(\"Allows DMS to manage VPC\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRolePolicyAttachment, err := iam.NewRolePolicyAttachment(ctx, \"exampleRolePolicyAttachment\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: dms_vpc_role.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dms.NewReplicationSubnetGroup(ctx, \"exampleReplicationSubnetGroup\", \u0026dms.ReplicationSubnetGroupArgs{\n\t\t\tReplicationSubnetGroupDescription: pulumi.String(\"Example\"),\n\t\t\tReplicationSubnetGroupId: pulumi.String(\"example-id\"),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"subnet-12345678\"),\n\t\t\t\tpulumi.String(\"subnet-12345679\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example-id\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleRolePolicyAttachment,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.dms.ReplicationSubnetGroup;\nimport com.pulumi.aws.dms.ReplicationSubnetGroupArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dms_vpc_role = new Role(\"dms-vpc-role\", RoleArgs.builder() \n .description(\"Allows DMS to manage VPC\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"dms.amazonaws.com\")\n )),\n jsonProperty(\"Action\", \"sts:AssumeRole\")\n )))\n )))\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(dms_vpc_role.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\")\n .build());\n\n var exampleReplicationSubnetGroup = new ReplicationSubnetGroup(\"exampleReplicationSubnetGroup\", ReplicationSubnetGroupArgs.builder() \n .replicationSubnetGroupDescription(\"Example\")\n .replicationSubnetGroupId(\"example-id\")\n .subnetIds( \n \"subnet-12345678\",\n \"subnet-12345679\")\n .tags(Map.of(\"Name\", \"example-id\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleRolePolicyAttachment)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dms-vpc-role:\n type: aws:iam:Role\n properties:\n description: Allows DMS to manage VPC\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Effect: Allow\n Principal:\n Service: dms.amazonaws.com\n Action: sts:AssumeRole\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n properties:\n role: ${[\"dms-vpc-role\"].name}\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\n exampleReplicationSubnetGroup:\n type: aws:dms:ReplicationSubnetGroup\n properties:\n replicationSubnetGroupDescription: Example\n replicationSubnetGroupId: example-id\n subnetIds:\n - subnet-12345678\n - subnet-12345679\n tags:\n Name: example-id\n options:\n dependson:\n - ${exampleRolePolicyAttachment}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import replication subnet groups using the `replication_subnet_group_id`. For example:\n\n```sh\n $ pulumi import aws:dms/replicationSubnetGroup:ReplicationSubnetGroup test test-dms-replication-subnet-group-tf\n```\n ", + "description": "Provides a DMS (Data Migration Service) replication subnet group resource. DMS replication subnet groups can be created, updated, deleted, and imported.\n\n\u003e **Note:** AWS requires a special IAM role called `dms-vpc-role` when using this resource. See the example below to create it as part of your configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new replication subnet group\nconst example = new aws.dms.ReplicationSubnetGroup(\"example\", {\n replicationSubnetGroupDescription: \"Example replication subnet group\",\n replicationSubnetGroupId: \"example-dms-replication-subnet-group-tf\",\n subnetIds: [\n \"subnet-12345678\",\n \"subnet-12345679\",\n ],\n tags: {\n Name: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new replication subnet group\nexample = aws.dms.ReplicationSubnetGroup(\"example\",\n replication_subnet_group_description=\"Example replication subnet group\",\n replication_subnet_group_id=\"example-dms-replication-subnet-group-tf\",\n subnet_ids=[\n \"subnet-12345678\",\n \"subnet-12345679\",\n ],\n tags={\n \"Name\": \"example\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new replication subnet group\n var example = new Aws.Dms.ReplicationSubnetGroup(\"example\", new()\n {\n ReplicationSubnetGroupDescription = \"Example replication subnet group\",\n ReplicationSubnetGroupId = \"example-dms-replication-subnet-group-tf\",\n SubnetIds = new[]\n {\n \"subnet-12345678\",\n \"subnet-12345679\",\n },\n Tags = \n {\n { \"Name\", \"example\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new replication subnet group\n\t\t_, err := dms.NewReplicationSubnetGroup(ctx, \"example\", \u0026dms.ReplicationSubnetGroupArgs{\n\t\t\tReplicationSubnetGroupDescription: pulumi.String(\"Example replication subnet group\"),\n\t\t\tReplicationSubnetGroupId: pulumi.String(\"example-dms-replication-subnet-group-tf\"),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"subnet-12345678\"),\n\t\t\t\tpulumi.String(\"subnet-12345679\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dms.ReplicationSubnetGroup;\nimport com.pulumi.aws.dms.ReplicationSubnetGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ReplicationSubnetGroup(\"example\", ReplicationSubnetGroupArgs.builder() \n .replicationSubnetGroupDescription(\"Example replication subnet group\")\n .replicationSubnetGroupId(\"example-dms-replication-subnet-group-tf\")\n .subnetIds( \n \"subnet-12345678\",\n \"subnet-12345679\")\n .tags(Map.of(\"Name\", \"example\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new replication subnet group\n example:\n type: aws:dms:ReplicationSubnetGroup\n properties:\n replicationSubnetGroupDescription: Example replication subnet group\n replicationSubnetGroupId: example-dms-replication-subnet-group-tf\n subnetIds:\n - subnet-12345678\n - subnet-12345679\n tags:\n Name: example\n```\n{{% /example %}}\n{{% example %}}\n### Creating special IAM role\n\nIf your account does not already include the `dms-vpc-role` IAM role, you will need to create it to allow DMS to manage subnets in the VPC.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dms_vpc_role = new aws.iam.Role(\"dms-vpc-role\", {\n description: \"Allows DMS to manage VPC\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Effect: \"Allow\",\n Principal: {\n Service: \"dms.amazonaws.com\",\n },\n Action: \"sts:AssumeRole\",\n }],\n }),\n});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", {\n role: dms_vpc_role.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n});\nconst exampleReplicationSubnetGroup = new aws.dms.ReplicationSubnetGroup(\"exampleReplicationSubnetGroup\", {\n replicationSubnetGroupDescription: \"Example\",\n replicationSubnetGroupId: \"example-id\",\n subnetIds: [\n \"subnet-12345678\",\n \"subnet-12345679\",\n ],\n tags: {\n Name: \"example-id\",\n },\n}, {\n dependsOn: [exampleRolePolicyAttachment],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ndms_vpc_role = aws.iam.Role(\"dms-vpc-role\",\n description=\"Allows DMS to manage VPC\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"dms.amazonaws.com\",\n },\n \"Action\": \"sts:AssumeRole\",\n }],\n }))\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\",\n role=dms_vpc_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\")\nexample_replication_subnet_group = aws.dms.ReplicationSubnetGroup(\"exampleReplicationSubnetGroup\",\n replication_subnet_group_description=\"Example\",\n replication_subnet_group_id=\"example-id\",\n subnet_ids=[\n \"subnet-12345678\",\n \"subnet-12345679\",\n ],\n tags={\n \"Name\": \"example-id\",\n },\n opts=pulumi.ResourceOptions(depends_on=[example_role_policy_attachment]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dms_vpc_role = new Aws.Iam.Role(\"dms-vpc-role\", new()\n {\n Description = \"Allows DMS to manage VPC\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"dms.amazonaws.com\",\n },\n [\"Action\"] = \"sts:AssumeRole\",\n },\n },\n }),\n });\n\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", new()\n {\n Role = dms_vpc_role.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n });\n\n var exampleReplicationSubnetGroup = new Aws.Dms.ReplicationSubnetGroup(\"exampleReplicationSubnetGroup\", new()\n {\n ReplicationSubnetGroupDescription = \"Example\",\n ReplicationSubnetGroupId = \"example-id\",\n SubnetIds = new[]\n {\n \"subnet-12345678\",\n \"subnet-12345679\",\n },\n Tags = \n {\n { \"Name\", \"example-id\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleRolePolicyAttachment,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"dms.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"dms-vpc-role\", \u0026iam.RoleArgs{\n\t\t\tDescription: pulumi.String(\"Allows DMS to manage VPC\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRolePolicyAttachment, err := iam.NewRolePolicyAttachment(ctx, \"exampleRolePolicyAttachment\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: dms_vpc_role.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dms.NewReplicationSubnetGroup(ctx, \"exampleReplicationSubnetGroup\", \u0026dms.ReplicationSubnetGroupArgs{\n\t\t\tReplicationSubnetGroupDescription: pulumi.String(\"Example\"),\n\t\t\tReplicationSubnetGroupId: pulumi.String(\"example-id\"),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"subnet-12345678\"),\n\t\t\t\tpulumi.String(\"subnet-12345679\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example-id\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleRolePolicyAttachment,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.dms.ReplicationSubnetGroup;\nimport com.pulumi.aws.dms.ReplicationSubnetGroupArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dms_vpc_role = new Role(\"dms-vpc-role\", RoleArgs.builder() \n .description(\"Allows DMS to manage VPC\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"dms.amazonaws.com\")\n )),\n jsonProperty(\"Action\", \"sts:AssumeRole\")\n )))\n )))\n .build());\n\n var exampleRolePolicyAttachment = new RolePolicyAttachment(\"exampleRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(dms_vpc_role.name())\n .policyArn(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\")\n .build());\n\n var exampleReplicationSubnetGroup = new ReplicationSubnetGroup(\"exampleReplicationSubnetGroup\", ReplicationSubnetGroupArgs.builder() \n .replicationSubnetGroupDescription(\"Example\")\n .replicationSubnetGroupId(\"example-id\")\n .subnetIds( \n \"subnet-12345678\",\n \"subnet-12345679\")\n .tags(Map.of(\"Name\", \"example-id\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleRolePolicyAttachment)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dms-vpc-role:\n type: aws:iam:Role\n properties:\n description: Allows DMS to manage VPC\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Effect: Allow\n Principal:\n Service: dms.amazonaws.com\n Action: sts:AssumeRole\n exampleRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n properties:\n role: ${[\"dms-vpc-role\"].name}\n policyArn: arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\n exampleReplicationSubnetGroup:\n type: aws:dms:ReplicationSubnetGroup\n properties:\n replicationSubnetGroupDescription: Example\n replicationSubnetGroupId: example-id\n subnetIds:\n - subnet-12345678\n - subnet-12345679\n tags:\n Name: example-id\n options:\n dependson:\n - ${exampleRolePolicyAttachment}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import replication subnet groups using the `replication_subnet_group_id`. For example:\n\n```sh\n $ pulumi import aws:dms/replicationSubnetGroup:ReplicationSubnetGroup test test-dms-replication-subnet-group-tf\n```\n ", "properties": { "replicationSubnetGroupArn": { "type": "string" @@ -201201,7 +201201,7 @@ } }, "aws:dms/replicationTask:ReplicationTask": { - "description": "Provides a DMS (Data Migration Service) replication task resource. DMS replication tasks can be created, updated, deleted, and imported.\n\n\u003e **NOTE:** Changing most arguments will stop the task if it is running. You can set `start_replication_task` to resume the task afterwards.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new replication task\nconst test = new aws.dms.ReplicationTask(\"test\", {\n cdcStartTime: \"1993-05-21T05:50:00Z\",\n migrationType: \"full-load\",\n replicationInstanceArn: aws_dms_replication_instance[\"test-dms-replication-instance-tf\"].replication_instance_arn,\n replicationTaskId: \"test-dms-replication-task-tf\",\n replicationTaskSettings: \"...\",\n sourceEndpointArn: aws_dms_endpoint[\"test-dms-source-endpoint-tf\"].endpoint_arn,\n tableMappings: \"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\",\n tags: {\n Name: \"test\",\n },\n targetEndpointArn: aws_dms_endpoint[\"test-dms-target-endpoint-tf\"].endpoint_arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new replication task\ntest = aws.dms.ReplicationTask(\"test\",\n cdc_start_time=\"1993-05-21T05:50:00Z\",\n migration_type=\"full-load\",\n replication_instance_arn=aws_dms_replication_instance[\"test-dms-replication-instance-tf\"][\"replication_instance_arn\"],\n replication_task_id=\"test-dms-replication-task-tf\",\n replication_task_settings=\"...\",\n source_endpoint_arn=aws_dms_endpoint[\"test-dms-source-endpoint-tf\"][\"endpoint_arn\"],\n table_mappings=\"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\",\n tags={\n \"Name\": \"test\",\n },\n target_endpoint_arn=aws_dms_endpoint[\"test-dms-target-endpoint-tf\"][\"endpoint_arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new replication task\n var test = new Aws.Dms.ReplicationTask(\"test\", new()\n {\n CdcStartTime = \"1993-05-21T05:50:00Z\",\n MigrationType = \"full-load\",\n ReplicationInstanceArn = aws_dms_replication_instance.Test_dms_replication_instance_tf.Replication_instance_arn,\n ReplicationTaskId = \"test-dms-replication-task-tf\",\n ReplicationTaskSettings = \"...\",\n SourceEndpointArn = aws_dms_endpoint.Test_dms_source_endpoint_tf.Endpoint_arn,\n TableMappings = \"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\",\n Tags = \n {\n { \"Name\", \"test\" },\n },\n TargetEndpointArn = aws_dms_endpoint.Test_dms_target_endpoint_tf.Endpoint_arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dms.NewReplicationTask(ctx, \"test\", \u0026dms.ReplicationTaskArgs{\n\t\t\tCdcStartTime: pulumi.String(\"1993-05-21T05:50:00Z\"),\n\t\t\tMigrationType: pulumi.String(\"full-load\"),\n\t\t\tReplicationInstanceArn: pulumi.Any(aws_dms_replication_instance.TestDmsReplicationInstanceTf.Replication_instance_arn),\n\t\t\tReplicationTaskId: pulumi.String(\"test-dms-replication-task-tf\"),\n\t\t\tReplicationTaskSettings: pulumi.String(\"...\"),\n\t\t\tSourceEndpointArn: pulumi.Any(aws_dms_endpoint.TestDmsSourceEndpointTf.Endpoint_arn),\n\t\t\tTableMappings: pulumi.String(\"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tTargetEndpointArn: pulumi.Any(aws_dms_endpoint.TestDmsTargetEndpointTf.Endpoint_arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dms.ReplicationTask;\nimport com.pulumi.aws.dms.ReplicationTaskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new ReplicationTask(\"test\", ReplicationTaskArgs.builder() \n .cdcStartTime(\"1993-05-21T05:50:00Z\")\n .migrationType(\"full-load\")\n .replicationInstanceArn(aws_dms_replication_instance.test-dms-replication-instance-tf().replication_instance_arn())\n .replicationTaskId(\"test-dms-replication-task-tf\")\n .replicationTaskSettings(\"...\")\n .sourceEndpointArn(aws_dms_endpoint.test-dms-source-endpoint-tf().endpoint_arn())\n .tableMappings(\"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\")\n .tags(Map.of(\"Name\", \"test\"))\n .targetEndpointArn(aws_dms_endpoint.test-dms-target-endpoint-tf().endpoint_arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new replication task\n test:\n type: aws:dms:ReplicationTask\n properties:\n cdcStartTime: 1993-05-21T05:50:00Z\n migrationType: full-load\n replicationInstanceArn: ${aws_dms_replication_instance\"test-dms-replication-instance-tf\"[%!s(MISSING)].replication_instance_arn}\n replicationTaskId: test-dms-replication-task-tf\n replicationTaskSettings: '...'\n sourceEndpointArn: ${aws_dms_endpoint\"test-dms-source-endpoint-tf\"[%!s(MISSING)].endpoint_arn}\n tableMappings: '{\"rules\":[{\"rule-type\":\"selection\",\"rule-id\":\"1\",\"rule-name\":\"1\",\"object-locator\":{\"schema-name\":\"%\",\"table-name\":\"%\"},\"rule-action\":\"include\"}]}'\n tags:\n Name: test\n targetEndpointArn: ${aws_dms_endpoint\"test-dms-target-endpoint-tf\"[%!s(MISSING)].endpoint_arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import replication tasks using the `replication_task_id`. For example:\n\n```sh\n $ pulumi import aws:dms/replicationTask:ReplicationTask test test-dms-replication-task-tf\n```\n ", + "description": "Provides a DMS (Data Migration Service) replication task resource. DMS replication tasks can be created, updated, deleted, and imported.\n\n\u003e **NOTE:** Changing most arguments will stop the task if it is running. You can set `start_replication_task` to resume the task afterwards.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new replication task\nconst test = new aws.dms.ReplicationTask(\"test\", {\n cdcStartTime: \"1993-05-21T05:50:00Z\",\n migrationType: \"full-load\",\n replicationInstanceArn: aws_dms_replication_instance[\"test-dms-replication-instance-tf\"].replication_instance_arn,\n replicationTaskId: \"test-dms-replication-task-tf\",\n replicationTaskSettings: \"...\",\n sourceEndpointArn: aws_dms_endpoint[\"test-dms-source-endpoint-tf\"].endpoint_arn,\n tableMappings: \"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\",\n tags: {\n Name: \"test\",\n },\n targetEndpointArn: aws_dms_endpoint[\"test-dms-target-endpoint-tf\"].endpoint_arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new replication task\ntest = aws.dms.ReplicationTask(\"test\",\n cdc_start_time=\"1993-05-21T05:50:00Z\",\n migration_type=\"full-load\",\n replication_instance_arn=aws_dms_replication_instance[\"test-dms-replication-instance-tf\"][\"replication_instance_arn\"],\n replication_task_id=\"test-dms-replication-task-tf\",\n replication_task_settings=\"...\",\n source_endpoint_arn=aws_dms_endpoint[\"test-dms-source-endpoint-tf\"][\"endpoint_arn\"],\n table_mappings=\"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\",\n tags={\n \"Name\": \"test\",\n },\n target_endpoint_arn=aws_dms_endpoint[\"test-dms-target-endpoint-tf\"][\"endpoint_arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new replication task\n var test = new Aws.Dms.ReplicationTask(\"test\", new()\n {\n CdcStartTime = \"1993-05-21T05:50:00Z\",\n MigrationType = \"full-load\",\n ReplicationInstanceArn = aws_dms_replication_instance.Test_dms_replication_instance_tf.Replication_instance_arn,\n ReplicationTaskId = \"test-dms-replication-task-tf\",\n ReplicationTaskSettings = \"...\",\n SourceEndpointArn = aws_dms_endpoint.Test_dms_source_endpoint_tf.Endpoint_arn,\n TableMappings = \"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\",\n Tags = \n {\n { \"Name\", \"test\" },\n },\n TargetEndpointArn = aws_dms_endpoint.Test_dms_target_endpoint_tf.Endpoint_arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new replication task\n\t\t_, err := dms.NewReplicationTask(ctx, \"test\", \u0026dms.ReplicationTaskArgs{\n\t\t\tCdcStartTime: pulumi.String(\"1993-05-21T05:50:00Z\"),\n\t\t\tMigrationType: pulumi.String(\"full-load\"),\n\t\t\tReplicationInstanceArn: pulumi.Any(aws_dms_replication_instance.TestDmsReplicationInstanceTf.Replication_instance_arn),\n\t\t\tReplicationTaskId: pulumi.String(\"test-dms-replication-task-tf\"),\n\t\t\tReplicationTaskSettings: pulumi.String(\"...\"),\n\t\t\tSourceEndpointArn: pulumi.Any(aws_dms_endpoint.TestDmsSourceEndpointTf.Endpoint_arn),\n\t\t\tTableMappings: pulumi.String(\"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tTargetEndpointArn: pulumi.Any(aws_dms_endpoint.TestDmsTargetEndpointTf.Endpoint_arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.dms.ReplicationTask;\nimport com.pulumi.aws.dms.ReplicationTaskArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new ReplicationTask(\"test\", ReplicationTaskArgs.builder() \n .cdcStartTime(\"1993-05-21T05:50:00Z\")\n .migrationType(\"full-load\")\n .replicationInstanceArn(aws_dms_replication_instance.test-dms-replication-instance-tf().replication_instance_arn())\n .replicationTaskId(\"test-dms-replication-task-tf\")\n .replicationTaskSettings(\"...\")\n .sourceEndpointArn(aws_dms_endpoint.test-dms-source-endpoint-tf().endpoint_arn())\n .tableMappings(\"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\")\n .tags(Map.of(\"Name\", \"test\"))\n .targetEndpointArn(aws_dms_endpoint.test-dms-target-endpoint-tf().endpoint_arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new replication task\n test:\n type: aws:dms:ReplicationTask\n properties:\n cdcStartTime: 1993-05-21T05:50:00Z\n migrationType: full-load\n replicationInstanceArn: ${aws_dms_replication_instance\"test-dms-replication-instance-tf\"[%!s(MISSING)].replication_instance_arn}\n replicationTaskId: test-dms-replication-task-tf\n replicationTaskSettings: '...'\n sourceEndpointArn: ${aws_dms_endpoint\"test-dms-source-endpoint-tf\"[%!s(MISSING)].endpoint_arn}\n tableMappings: '{\"rules\":[{\"rule-type\":\"selection\",\"rule-id\":\"1\",\"rule-name\":\"1\",\"object-locator\":{\"schema-name\":\"%\",\"table-name\":\"%\"},\"rule-action\":\"include\"}]}'\n tags:\n Name: test\n targetEndpointArn: ${aws_dms_endpoint\"test-dms-target-endpoint-tf\"[%!s(MISSING)].endpoint_arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import replication tasks using the `replication_task_id`. For example:\n\n```sh\n $ pulumi import aws:dms/replicationTask:ReplicationTask test test-dms-replication-task-tf\n```\n ", "properties": { "cdcStartPosition": { "type": "string", @@ -203631,7 +203631,7 @@ } }, "aws:docdb/globalCluster:GlobalCluster": { - "description": "Manages an DocumentDB Global Cluster. A global cluster consists of one primary region and up to five read-only secondary regions. You issue write operations directly to the primary cluster in the primary region and Amazon DocumentDB automatically replicates the data to the secondary regions using dedicated infrastructure.\n\nMore information about DocumentDB Global Clusters can be found in the [DocumentDB Developer Guide](https://docs.aws.amazon.com/documentdb/latest/developerguide/global-clusters.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### New DocumentDB Global Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.Provider(\"primary\", {region: \"us-east-2\"});\nconst secondary = new aws.Provider(\"secondary\", {region: \"us-east-1\"});\nconst example = new aws.docdb.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"docdb\",\n engineVersion: \"4.0.0\",\n});\nconst primaryCluster = new aws.docdb.Cluster(\"primaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst primaryClusterInstance = new aws.docdb.ClusterInstance(\"primaryClusterInstance\", {\n engine: example.engine,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primaryCluster.id,\n instanceClass: \"db.r5.large\",\n}, {\n provider: aws.primary,\n});\nconst secondaryCluster = new aws.docdb.Cluster(\"secondaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryCluster],\n});\nconst secondaryClusterInstance = new aws.docdb.ClusterInstance(\"secondaryClusterInstance\", {\n engine: example.engine,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondaryCluster.id,\n instanceClass: \"db.r5.large\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryClusterInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.Provider(\"primary\", region=\"us-east-2\")\nsecondary = aws.Provider(\"secondary\", region=\"us-east-1\")\nexample = aws.docdb.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"docdb\",\n engine_version=\"4.0.0\")\nprimary_cluster = aws.docdb.Cluster(\"primaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nprimary_cluster_instance = aws.docdb.ClusterInstance(\"primaryClusterInstance\",\n engine=example.engine,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary_cluster.id,\n instance_class=\"db.r5.large\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nsecondary_cluster = aws.docdb.Cluster(\"secondaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster]))\nsecondary_cluster_instance = aws.docdb.ClusterInstance(\"secondaryClusterInstance\",\n engine=example.engine,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary_cluster.id,\n instance_class=\"db.r5.large\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Aws.Provider(\"primary\", new()\n {\n Region = \"us-east-2\",\n });\n\n var secondary = new Aws.Provider(\"secondary\", new()\n {\n Region = \"us-east-1\",\n });\n\n var example = new Aws.DocDB.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"docdb\",\n EngineVersion = \"4.0.0\",\n });\n\n var primaryCluster = new Aws.DocDB.Cluster(\"primaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var primaryClusterInstance = new Aws.DocDB.ClusterInstance(\"primaryClusterInstance\", new()\n {\n Engine = example.Engine,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primaryCluster.Id,\n InstanceClass = \"db.r5.large\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var secondaryCluster = new Aws.DocDB.Cluster(\"secondaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = new[]\n {\n primaryCluster,\n },\n });\n\n var secondaryClusterInstance = new Aws.DocDB.ClusterInstance(\"secondaryClusterInstance\", new()\n {\n Engine = example.Engine,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondaryCluster.Id,\n InstanceClass = \"db.r5.large\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = new[]\n {\n primaryClusterInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"primary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewProvider(ctx, \"secondary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := docdb.NewGlobalCluster(ctx, \"example\", \u0026docdb.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"docdb\"),\n\t\t\tEngineVersion: pulumi.String(\"4.0.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := docdb.NewCluster(ctx, \"primaryCluster\", \u0026docdb.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryClusterInstance, err := docdb.NewClusterInstance(ctx, \"primaryClusterInstance\", \u0026docdb.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r5.large\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryCluster, err := docdb.NewCluster(ctx, \"secondaryCluster\", \u0026docdb.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryCluster,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = docdb.NewClusterInstance(ctx, \"secondaryClusterInstance\", \u0026docdb.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r5.large\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryClusterInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.docdb.GlobalCluster;\nimport com.pulumi.aws.docdb.GlobalClusterArgs;\nimport com.pulumi.aws.docdb.Cluster;\nimport com.pulumi.aws.docdb.ClusterArgs;\nimport com.pulumi.aws.docdb.ClusterInstance;\nimport com.pulumi.aws.docdb.ClusterInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Provider(\"primary\", ProviderArgs.builder() \n .region(\"us-east-2\")\n .build());\n\n var secondary = new Provider(\"secondary\", ProviderArgs.builder() \n .region(\"us-east-1\")\n .build());\n\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"docdb\")\n .engineVersion(\"4.0.0\")\n .build());\n\n var primaryCluster = new Cluster(\"primaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .masterUsername(\"username\")\n .masterPassword(\"somepass123\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primaryCluster.id())\n .instanceClass(\"db.r5.large\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var secondaryCluster = new Cluster(\"secondaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .dependsOn(primaryCluster)\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondaryCluster.id())\n .instanceClass(\"db.r5.large\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .dependsOn(primaryClusterInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: pulumi:providers:aws\n properties:\n region: us-east-2\n secondary:\n type: pulumi:providers:aws\n properties:\n region: us-east-1\n example:\n type: aws:docdb:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: docdb\n engineVersion: 4.0.0\n primaryCluster:\n type: aws:docdb:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n masterUsername: username\n masterPassword: somepass123\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n options:\n provider: ${aws.primary}\n primaryClusterInstance:\n type: aws:docdb:ClusterInstance\n properties:\n engine: ${example.engine}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primaryCluster.id}\n instanceClass: db.r5.large\n options:\n provider: ${aws.primary}\n secondaryCluster:\n type: aws:docdb:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n dependson:\n - ${primaryCluster}\n secondaryClusterInstance:\n type: aws:docdb:ClusterInstance\n properties:\n engine: ${example.engine}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondaryCluster.id}\n instanceClass: db.r5.large\n options:\n provider: ${aws.secondary}\n dependson:\n - ${primaryClusterInstance}\n```\n{{% /example %}}\n{{% example %}}\n### New Global Cluster From Existing DB Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst exampleCluster = new aws.docdb.Cluster(\"exampleCluster\", {});\nconst exampleGlobalCluster = new aws.docdb.GlobalCluster(\"exampleGlobalCluster\", {\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: exampleCluster.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample_cluster = aws.docdb.Cluster(\"exampleCluster\")\nexample_global_cluster = aws.docdb.GlobalCluster(\"exampleGlobalCluster\",\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example_cluster.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var exampleCluster = new Aws.DocDB.Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new Aws.DocDB.GlobalCluster(\"exampleGlobalCluster\", new()\n {\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = exampleCluster.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCluster, err := docdb.NewCluster(ctx, \"exampleCluster\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = docdb.NewGlobalCluster(ctx, \"exampleGlobalCluster\", \u0026docdb.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: exampleCluster.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.docdb.Cluster;\nimport com.pulumi.aws.docdb.GlobalCluster;\nimport com.pulumi.aws.docdb.GlobalClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleCluster = new Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new GlobalCluster(\"exampleGlobalCluster\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"example\")\n .sourceDbClusterIdentifier(exampleCluster.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:docdb:Cluster\n exampleGlobalCluster:\n type: aws:docdb:GlobalCluster\n properties:\n globalClusterIdentifier: example\n sourceDbClusterIdentifier: ${exampleCluster.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import `aws_docdb_global_cluster` using the Global Cluster identifier. For example:\n\n```sh\n $ pulumi import aws:docdb/globalCluster:GlobalCluster example example\n```\n Certain resource arguments, like `source_db_cluster_identifier`, do not have an API method for reading the information after creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", + "description": "Manages an DocumentDB Global Cluster. A global cluster consists of one primary region and up to five read-only secondary regions. You issue write operations directly to the primary cluster in the primary region and Amazon DocumentDB automatically replicates the data to the secondary regions using dedicated infrastructure.\n\nMore information about DocumentDB Global Clusters can be found in the [DocumentDB Developer Guide](https://docs.aws.amazon.com/documentdb/latest/developerguide/global-clusters.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### New DocumentDB Global Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.Provider(\"primary\", {region: \"us-east-2\"});\nconst secondary = new aws.Provider(\"secondary\", {region: \"us-east-1\"});\nconst example = new aws.docdb.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"docdb\",\n engineVersion: \"4.0.0\",\n});\nconst primaryCluster = new aws.docdb.Cluster(\"primaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst primaryClusterInstance = new aws.docdb.ClusterInstance(\"primaryClusterInstance\", {\n engine: example.engine,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primaryCluster.id,\n instanceClass: \"db.r5.large\",\n}, {\n provider: aws.primary,\n});\nconst secondaryCluster = new aws.docdb.Cluster(\"secondaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryCluster],\n});\nconst secondaryClusterInstance = new aws.docdb.ClusterInstance(\"secondaryClusterInstance\", {\n engine: example.engine,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondaryCluster.id,\n instanceClass: \"db.r5.large\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryClusterInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.Provider(\"primary\", region=\"us-east-2\")\nsecondary = aws.Provider(\"secondary\", region=\"us-east-1\")\nexample = aws.docdb.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"docdb\",\n engine_version=\"4.0.0\")\nprimary_cluster = aws.docdb.Cluster(\"primaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nprimary_cluster_instance = aws.docdb.ClusterInstance(\"primaryClusterInstance\",\n engine=example.engine,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary_cluster.id,\n instance_class=\"db.r5.large\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nsecondary_cluster = aws.docdb.Cluster(\"secondaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster]))\nsecondary_cluster_instance = aws.docdb.ClusterInstance(\"secondaryClusterInstance\",\n engine=example.engine,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary_cluster.id,\n instance_class=\"db.r5.large\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Aws.Provider(\"primary\", new()\n {\n Region = \"us-east-2\",\n });\n\n var secondary = new Aws.Provider(\"secondary\", new()\n {\n Region = \"us-east-1\",\n });\n\n var example = new Aws.DocDB.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"docdb\",\n EngineVersion = \"4.0.0\",\n });\n\n var primaryCluster = new Aws.DocDB.Cluster(\"primaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var primaryClusterInstance = new Aws.DocDB.ClusterInstance(\"primaryClusterInstance\", new()\n {\n Engine = example.Engine,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primaryCluster.Id,\n InstanceClass = \"db.r5.large\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var secondaryCluster = new Aws.DocDB.Cluster(\"secondaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = new[]\n {\n primaryCluster,\n },\n });\n\n var secondaryClusterInstance = new Aws.DocDB.ClusterInstance(\"secondaryClusterInstance\", new()\n {\n Engine = example.Engine,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondaryCluster.Id,\n InstanceClass = \"db.r5.large\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = new[]\n {\n primaryClusterInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"primary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewProvider(ctx, \"secondary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := docdb.NewGlobalCluster(ctx, \"example\", \u0026docdb.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"docdb\"),\n\t\t\tEngineVersion: pulumi.String(\"4.0.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := docdb.NewCluster(ctx, \"primaryCluster\", \u0026docdb.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryClusterInstance, err := docdb.NewClusterInstance(ctx, \"primaryClusterInstance\", \u0026docdb.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r5.large\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryCluster, err := docdb.NewCluster(ctx, \"secondaryCluster\", \u0026docdb.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryCluster,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = docdb.NewClusterInstance(ctx, \"secondaryClusterInstance\", \u0026docdb.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r5.large\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryClusterInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.docdb.GlobalCluster;\nimport com.pulumi.aws.docdb.GlobalClusterArgs;\nimport com.pulumi.aws.docdb.Cluster;\nimport com.pulumi.aws.docdb.ClusterArgs;\nimport com.pulumi.aws.docdb.ClusterInstance;\nimport com.pulumi.aws.docdb.ClusterInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Provider(\"primary\", ProviderArgs.builder() \n .region(\"us-east-2\")\n .build());\n\n var secondary = new Provider(\"secondary\", ProviderArgs.builder() \n .region(\"us-east-1\")\n .build());\n\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"docdb\")\n .engineVersion(\"4.0.0\")\n .build());\n\n var primaryCluster = new Cluster(\"primaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .masterUsername(\"username\")\n .masterPassword(\"somepass123\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primaryCluster.id())\n .instanceClass(\"db.r5.large\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var secondaryCluster = new Cluster(\"secondaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .dependsOn(primaryCluster)\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondaryCluster.id())\n .instanceClass(\"db.r5.large\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .dependsOn(primaryClusterInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: pulumi:providers:aws\n properties:\n region: us-east-2\n secondary:\n type: pulumi:providers:aws\n properties:\n region: us-east-1\n example:\n type: aws:docdb:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: docdb\n engineVersion: 4.0.0\n primaryCluster:\n type: aws:docdb:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n masterUsername: username\n masterPassword: somepass123\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n options:\n provider: ${aws.primary}\n primaryClusterInstance:\n type: aws:docdb:ClusterInstance\n properties:\n engine: ${example.engine}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primaryCluster.id}\n instanceClass: db.r5.large\n options:\n provider: ${aws.primary}\n secondaryCluster:\n type: aws:docdb:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n dependson:\n - ${primaryCluster}\n secondaryClusterInstance:\n type: aws:docdb:ClusterInstance\n properties:\n engine: ${example.engine}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondaryCluster.id}\n instanceClass: db.r5.large\n options:\n provider: ${aws.secondary}\n dependson:\n - ${primaryClusterInstance}\n```\n{{% /example %}}\n{{% example %}}\n### New Global Cluster From Existing DB Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst exampleCluster = new aws.docdb.Cluster(\"exampleCluster\", {});\nconst exampleGlobalCluster = new aws.docdb.GlobalCluster(\"exampleGlobalCluster\", {\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: exampleCluster.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample_cluster = aws.docdb.Cluster(\"exampleCluster\")\nexample_global_cluster = aws.docdb.GlobalCluster(\"exampleGlobalCluster\",\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example_cluster.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var exampleCluster = new Aws.DocDB.Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new Aws.DocDB.GlobalCluster(\"exampleGlobalCluster\", new()\n {\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = exampleCluster.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\texampleCluster, err := docdb.NewCluster(ctx, \"exampleCluster\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = docdb.NewGlobalCluster(ctx, \"exampleGlobalCluster\", \u0026docdb.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: exampleCluster.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.docdb.Cluster;\nimport com.pulumi.aws.docdb.GlobalCluster;\nimport com.pulumi.aws.docdb.GlobalClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleCluster = new Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new GlobalCluster(\"exampleGlobalCluster\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"example\")\n .sourceDbClusterIdentifier(exampleCluster.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:docdb:Cluster\n exampleGlobalCluster:\n type: aws:docdb:GlobalCluster\n properties:\n globalClusterIdentifier: example\n sourceDbClusterIdentifier: ${exampleCluster.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import `aws_docdb_global_cluster` using the Global Cluster identifier. For example:\n\n```sh\n $ pulumi import aws:docdb/globalCluster:GlobalCluster example example\n```\n Certain resource arguments, like `source_db_cluster_identifier`, do not have an API method for reading the information after creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", "properties": { "arn": { "type": "string", @@ -205745,7 +205745,7 @@ } }, "aws:ec2/ami:Ami": { - "description": "The AMI resource allows the creation and management of a completely-custom\n*Amazon Machine Image* (AMI).\n\nIf you just want to duplicate an existing AMI, possibly copying it to another\nregion, it's better to use `aws.ec2.AmiCopy` instead.\n\nIf you just want to share an existing AMI with another AWS account,\nit's better to use `aws.ec2.AmiLaunchPermission` instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create an AMI that will start a machine whose root device is backed by\n// an EBS volume populated from a snapshot. We assume that such a snapshot\n// already exists with the id \"snap-xxxxxxxx\".\nconst example = new aws.ec2.Ami(\"example\", {\n ebsBlockDevices: [{\n deviceName: \"/dev/xvda\",\n snapshotId: \"snap-xxxxxxxx\",\n volumeSize: 8,\n }],\n imdsSupport: \"v2.0\",\n rootDeviceName: \"/dev/xvda\",\n virtualizationType: \"hvm\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create an AMI that will start a machine whose root device is backed by\n# an EBS volume populated from a snapshot. We assume that such a snapshot\n# already exists with the id \"snap-xxxxxxxx\".\nexample = aws.ec2.Ami(\"example\",\n ebs_block_devices=[aws.ec2.AmiEbsBlockDeviceArgs(\n device_name=\"/dev/xvda\",\n snapshot_id=\"snap-xxxxxxxx\",\n volume_size=8,\n )],\n imds_support=\"v2.0\",\n root_device_name=\"/dev/xvda\",\n virtualization_type=\"hvm\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create an AMI that will start a machine whose root device is backed by\n // an EBS volume populated from a snapshot. We assume that such a snapshot\n // already exists with the id \"snap-xxxxxxxx\".\n var example = new Aws.Ec2.Ami(\"example\", new()\n {\n EbsBlockDevices = new[]\n {\n new Aws.Ec2.Inputs.AmiEbsBlockDeviceArgs\n {\n DeviceName = \"/dev/xvda\",\n SnapshotId = \"snap-xxxxxxxx\",\n VolumeSize = 8,\n },\n },\n ImdsSupport = \"v2.0\",\n RootDeviceName = \"/dev/xvda\",\n VirtualizationType = \"hvm\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewAmi(ctx, \"example\", \u0026ec2.AmiArgs{\n\t\t\tEbsBlockDevices: ec2.AmiEbsBlockDeviceArray{\n\t\t\t\t\u0026ec2.AmiEbsBlockDeviceArgs{\n\t\t\t\t\tDeviceName: pulumi.String(\"/dev/xvda\"),\n\t\t\t\t\tSnapshotId: pulumi.String(\"snap-xxxxxxxx\"),\n\t\t\t\t\tVolumeSize: pulumi.Int(8),\n\t\t\t\t},\n\t\t\t},\n\t\t\tImdsSupport: pulumi.String(\"v2.0\"),\n\t\t\tRootDeviceName: pulumi.String(\"/dev/xvda\"),\n\t\t\tVirtualizationType: pulumi.String(\"hvm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ami;\nimport com.pulumi.aws.ec2.AmiArgs;\nimport com.pulumi.aws.ec2.inputs.AmiEbsBlockDeviceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Ami(\"example\", AmiArgs.builder() \n .ebsBlockDevices(AmiEbsBlockDeviceArgs.builder()\n .deviceName(\"/dev/xvda\")\n .snapshotId(\"snap-xxxxxxxx\")\n .volumeSize(8)\n .build())\n .imdsSupport(\"v2.0\")\n .rootDeviceName(\"/dev/xvda\")\n .virtualizationType(\"hvm\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create an AMI that will start a machine whose root device is backed by\n # // an EBS volume populated from a snapshot. We assume that such a snapshot\n # // already exists with the id \"snap-xxxxxxxx\".\n example:\n type: aws:ec2:Ami\n properties:\n ebsBlockDevices:\n - deviceName: /dev/xvda\n snapshotId: snap-xxxxxxxx\n volumeSize: 8\n imdsSupport: v2.0\n rootDeviceName: /dev/xvda\n virtualizationType: hvm\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import `aws_ami` using the ID of the AMI. For example:\n\n```sh\n $ pulumi import aws:ec2/ami:Ami example ami-12345678\n```\n ", + "description": "The AMI resource allows the creation and management of a completely-custom\n*Amazon Machine Image* (AMI).\n\nIf you just want to duplicate an existing AMI, possibly copying it to another\nregion, it's better to use `aws.ec2.AmiCopy` instead.\n\nIf you just want to share an existing AMI with another AWS account,\nit's better to use `aws.ec2.AmiLaunchPermission` instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create an AMI that will start a machine whose root device is backed by\n// an EBS volume populated from a snapshot. We assume that such a snapshot\n// already exists with the id \"snap-xxxxxxxx\".\nconst example = new aws.ec2.Ami(\"example\", {\n ebsBlockDevices: [{\n deviceName: \"/dev/xvda\",\n snapshotId: \"snap-xxxxxxxx\",\n volumeSize: 8,\n }],\n imdsSupport: \"v2.0\",\n rootDeviceName: \"/dev/xvda\",\n virtualizationType: \"hvm\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create an AMI that will start a machine whose root device is backed by\n# an EBS volume populated from a snapshot. We assume that such a snapshot\n# already exists with the id \"snap-xxxxxxxx\".\nexample = aws.ec2.Ami(\"example\",\n ebs_block_devices=[aws.ec2.AmiEbsBlockDeviceArgs(\n device_name=\"/dev/xvda\",\n snapshot_id=\"snap-xxxxxxxx\",\n volume_size=8,\n )],\n imds_support=\"v2.0\",\n root_device_name=\"/dev/xvda\",\n virtualization_type=\"hvm\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create an AMI that will start a machine whose root device is backed by\n // an EBS volume populated from a snapshot. We assume that such a snapshot\n // already exists with the id \"snap-xxxxxxxx\".\n var example = new Aws.Ec2.Ami(\"example\", new()\n {\n EbsBlockDevices = new[]\n {\n new Aws.Ec2.Inputs.AmiEbsBlockDeviceArgs\n {\n DeviceName = \"/dev/xvda\",\n SnapshotId = \"snap-xxxxxxxx\",\n VolumeSize = 8,\n },\n },\n ImdsSupport = \"v2.0\",\n RootDeviceName = \"/dev/xvda\",\n VirtualizationType = \"hvm\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create an AMI that will start a machine whose root device is backed by\n\t\t// an EBS volume populated from a snapshot. We assume that such a snapshot\n\t\t// already exists with the id \"snap-xxxxxxxx\".\n\t\t_, err := ec2.NewAmi(ctx, \"example\", \u0026ec2.AmiArgs{\n\t\t\tEbsBlockDevices: ec2.AmiEbsBlockDeviceArray{\n\t\t\t\t\u0026ec2.AmiEbsBlockDeviceArgs{\n\t\t\t\t\tDeviceName: pulumi.String(\"/dev/xvda\"),\n\t\t\t\t\tSnapshotId: pulumi.String(\"snap-xxxxxxxx\"),\n\t\t\t\t\tVolumeSize: pulumi.Int(8),\n\t\t\t\t},\n\t\t\t},\n\t\t\tImdsSupport: pulumi.String(\"v2.0\"),\n\t\t\tRootDeviceName: pulumi.String(\"/dev/xvda\"),\n\t\t\tVirtualizationType: pulumi.String(\"hvm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ami;\nimport com.pulumi.aws.ec2.AmiArgs;\nimport com.pulumi.aws.ec2.inputs.AmiEbsBlockDeviceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Ami(\"example\", AmiArgs.builder() \n .ebsBlockDevices(AmiEbsBlockDeviceArgs.builder()\n .deviceName(\"/dev/xvda\")\n .snapshotId(\"snap-xxxxxxxx\")\n .volumeSize(8)\n .build())\n .imdsSupport(\"v2.0\")\n .rootDeviceName(\"/dev/xvda\")\n .virtualizationType(\"hvm\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create an AMI that will start a machine whose root device is backed by\n # // an EBS volume populated from a snapshot. We assume that such a snapshot\n # // already exists with the id \"snap-xxxxxxxx\".\n example:\n type: aws:ec2:Ami\n properties:\n ebsBlockDevices:\n - deviceName: /dev/xvda\n snapshotId: snap-xxxxxxxx\n volumeSize: 8\n imdsSupport: v2.0\n rootDeviceName: /dev/xvda\n virtualizationType: hvm\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import `aws_ami` using the ID of the AMI. For example:\n\n```sh\n $ pulumi import aws:ec2/ami:Ami example ami-12345678\n```\n ", "properties": { "architecture": { "type": "string", @@ -207538,7 +207538,7 @@ } }, "aws:ec2/dedicatedHost:DedicatedHost": { - "description": "Provides an EC2 Host resource. This allows Dedicated Hosts to be allocated, modified, and released.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new host with instance type of c5.18xlarge with Auto Placement\n// and Host Recovery enabled.\nconst test = new aws.ec2.DedicatedHost(\"test\", {\n autoPlacement: \"on\",\n availabilityZone: \"us-west-2a\",\n hostRecovery: \"on\",\n instanceType: \"c5.18xlarge\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new host with instance type of c5.18xlarge with Auto Placement\n# and Host Recovery enabled.\ntest = aws.ec2.DedicatedHost(\"test\",\n auto_placement=\"on\",\n availability_zone=\"us-west-2a\",\n host_recovery=\"on\",\n instance_type=\"c5.18xlarge\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new host with instance type of c5.18xlarge with Auto Placement\n // and Host Recovery enabled.\n var test = new Aws.Ec2.DedicatedHost(\"test\", new()\n {\n AutoPlacement = \"on\",\n AvailabilityZone = \"us-west-2a\",\n HostRecovery = \"on\",\n InstanceType = \"c5.18xlarge\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewDedicatedHost(ctx, \"test\", \u0026ec2.DedicatedHostArgs{\n\t\t\tAutoPlacement: pulumi.String(\"on\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tHostRecovery: pulumi.String(\"on\"),\n\t\t\tInstanceType: pulumi.String(\"c5.18xlarge\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.DedicatedHost;\nimport com.pulumi.aws.ec2.DedicatedHostArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new DedicatedHost(\"test\", DedicatedHostArgs.builder() \n .autoPlacement(\"on\")\n .availabilityZone(\"us-west-2a\")\n .hostRecovery(\"on\")\n .instanceType(\"c5.18xlarge\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new host with instance type of c5.18xlarge with Auto Placement\n # // and Host Recovery enabled.\n test:\n type: aws:ec2:DedicatedHost\n properties:\n autoPlacement: on\n availabilityZone: us-west-2a\n hostRecovery: on\n instanceType: c5.18xlarge\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import hosts using the host `id`. For example:\n\n```sh\n $ pulumi import aws:ec2/dedicatedHost:DedicatedHost example h-0385a99d0e4b20cbb\n```\n ", + "description": "Provides an EC2 Host resource. This allows Dedicated Hosts to be allocated, modified, and released.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new host with instance type of c5.18xlarge with Auto Placement\n// and Host Recovery enabled.\nconst test = new aws.ec2.DedicatedHost(\"test\", {\n autoPlacement: \"on\",\n availabilityZone: \"us-west-2a\",\n hostRecovery: \"on\",\n instanceType: \"c5.18xlarge\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new host with instance type of c5.18xlarge with Auto Placement\n# and Host Recovery enabled.\ntest = aws.ec2.DedicatedHost(\"test\",\n auto_placement=\"on\",\n availability_zone=\"us-west-2a\",\n host_recovery=\"on\",\n instance_type=\"c5.18xlarge\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new host with instance type of c5.18xlarge with Auto Placement\n // and Host Recovery enabled.\n var test = new Aws.Ec2.DedicatedHost(\"test\", new()\n {\n AutoPlacement = \"on\",\n AvailabilityZone = \"us-west-2a\",\n HostRecovery = \"on\",\n InstanceType = \"c5.18xlarge\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new host with instance type of c5.18xlarge with Auto Placement\n\t\t// and Host Recovery enabled.\n\t\t_, err := ec2.NewDedicatedHost(ctx, \"test\", \u0026ec2.DedicatedHostArgs{\n\t\t\tAutoPlacement: pulumi.String(\"on\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tHostRecovery: pulumi.String(\"on\"),\n\t\t\tInstanceType: pulumi.String(\"c5.18xlarge\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.DedicatedHost;\nimport com.pulumi.aws.ec2.DedicatedHostArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new DedicatedHost(\"test\", DedicatedHostArgs.builder() \n .autoPlacement(\"on\")\n .availabilityZone(\"us-west-2a\")\n .hostRecovery(\"on\")\n .instanceType(\"c5.18xlarge\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new host with instance type of c5.18xlarge with Auto Placement\n # // and Host Recovery enabled.\n test:\n type: aws:ec2:DedicatedHost\n properties:\n autoPlacement: on\n availabilityZone: us-west-2a\n hostRecovery: on\n instanceType: c5.18xlarge\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import hosts using the host `id`. For example:\n\n```sh\n $ pulumi import aws:ec2/dedicatedHost:DedicatedHost example h-0385a99d0e4b20cbb\n```\n ", "properties": { "arn": { "type": "string", @@ -207706,7 +207706,7 @@ } }, "aws:ec2/defaultNetworkAcl:DefaultNetworkAcl": { - "description": "Provides a resource to manage a VPC's default network ACL. This resource can manage the default network ACL of the default or a non-default VPC.\n\n\u003e **NOTE:** This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The `aws.ec2.DefaultNetworkAcl` behaves differently from normal resources. This provider does not _create_ this resource but instead attempts to \"adopt\" it into management.\n\nEvery VPC has a default network ACL that can be managed but not destroyed. When the provider first adopts the Default Network ACL, it **immediately removes all rules in the ACL**. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.\n\nThis resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diffs being shown. For these reasons, this resource is incompatible with the `aws.ec2.NetworkAclRule` resource.\n\nFor more information about Network ACLs, see the AWS Documentation on [Network ACLs][aws-network-acls].\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\nThe following config gives the Default Network ACL the same rules that AWS includes but pulls the resource under management by this provider. This means that any ACL rules added or changed will be detected as drift.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {\n defaultNetworkAclId: mainvpc.defaultNetworkAclId,\n ingress: [{\n protocol: \"-1\",\n ruleNo: 100,\n action: \"allow\",\n cidrBlock: \"0.0.0.0/0\",\n fromPort: 0,\n toPort: 0,\n }],\n egress: [{\n protocol: \"-1\",\n ruleNo: 100,\n action: \"allow\",\n cidrBlock: \"0.0.0.0/0\",\n fromPort: 0,\n toPort: 0,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultNetworkAcl(\"default\",\n default_network_acl_id=mainvpc.default_network_acl_id,\n ingress=[aws.ec2.DefaultNetworkAclIngressArgs(\n protocol=\"-1\",\n rule_no=100,\n action=\"allow\",\n cidr_block=\"0.0.0.0/0\",\n from_port=0,\n to_port=0,\n )],\n egress=[aws.ec2.DefaultNetworkAclEgressArgs(\n protocol=\"-1\",\n rule_no=100,\n action=\"allow\",\n cidr_block=\"0.0.0.0/0\",\n from_port=0,\n to_port=0,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\", new()\n {\n DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs\n {\n Protocol = \"-1\",\n RuleNo = 100,\n Action = \"allow\",\n CidrBlock = \"0.0.0.0/0\",\n FromPort = 0,\n ToPort = 0,\n },\n },\n Egress = new[]\n {\n new Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs\n {\n Protocol = \"-1\",\n RuleNo = 100,\n Action = \"allow\",\n CidrBlock = \"0.0.0.0/0\",\n FromPort = 0,\n ToPort = 0,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultNetworkAcl(ctx, \"default\", \u0026ec2.DefaultNetworkAclArgs{\n\t\t\tDefaultNetworkAclId: mainvpc.DefaultNetworkAclId,\n\t\t\tIngress: ec2.DefaultNetworkAclIngressArray{\n\t\t\t\t\u0026ec2.DefaultNetworkAclIngressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tRuleNo: pulumi.Int(100),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: pulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEgress: ec2.DefaultNetworkAclEgressArray{\n\t\t\t\t\u0026ec2.DefaultNetworkAclEgressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tRuleNo: pulumi.Int(100),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: pulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example: Deny All Egress Traffic, Allow Ingress\n\nThe following denies all Egress traffic by omitting any `egress` rules, while including the default `ingress` rule to allow all traffic.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {\n defaultNetworkAclId: mainvpc.defaultNetworkAclId,\n ingress: [{\n protocol: \"-1\",\n ruleNo: 100,\n action: \"allow\",\n cidrBlock: aws_default_vpc.mainvpc.cidr_block,\n fromPort: 0,\n toPort: 0,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultNetworkAcl(\"default\",\n default_network_acl_id=mainvpc.default_network_acl_id,\n ingress=[aws.ec2.DefaultNetworkAclIngressArgs(\n protocol=\"-1\",\n rule_no=100,\n action=\"allow\",\n cidr_block=aws_default_vpc[\"mainvpc\"][\"cidr_block\"],\n from_port=0,\n to_port=0,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\", new()\n {\n DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs\n {\n Protocol = \"-1\",\n RuleNo = 100,\n Action = \"allow\",\n CidrBlock = aws_default_vpc.Mainvpc.Cidr_block,\n FromPort = 0,\n ToPort = 0,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultNetworkAcl(ctx, \"default\", \u0026ec2.DefaultNetworkAclArgs{\n\t\t\tDefaultNetworkAclId: mainvpc.DefaultNetworkAclId,\n\t\t\tIngress: ec2.DefaultNetworkAclIngressArray{\n\t\t\t\t\u0026ec2.DefaultNetworkAclIngressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tRuleNo: pulumi.Int(100),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: pulumi.Any(aws_default_vpc.Mainvpc.Cidr_block),\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example: Deny All Traffic To Any Subnet In The Default Network ACL\n\nThis config denies all traffic in the Default ACL. This can be useful if you want to lock down the VPC to force all resources to assign a non-default ACL.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {defaultNetworkAclId: mainvpc.defaultNetworkAclId});\n// no rules defined, deny all traffic in this ACL\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultNetworkAcl(\"default\", default_network_acl_id=mainvpc.default_network_acl_id)\n# no rules defined, deny all traffic in this ACL\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\", new()\n {\n DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,\n });\n\n // no rules defined, deny all traffic in this ACL\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultNetworkAcl(ctx, \"default\", \u0026ec2.DefaultNetworkAclArgs{\n\t\t\tDefaultNetworkAclId: mainvpc.DefaultNetworkAclId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.DefaultNetworkAcl;\nimport com.pulumi.aws.ec2.DefaultNetworkAclArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mainvpc = new Vpc(\"mainvpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n var default_ = new DefaultNetworkAcl(\"default\", DefaultNetworkAclArgs.builder() \n .defaultNetworkAclId(mainvpc.defaultNetworkAclId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mainvpc:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n default:\n type: aws:ec2:DefaultNetworkAcl\n properties:\n defaultNetworkAclId: ${mainvpc.defaultNetworkAclId}\n```\n{{% /example %}}\n{{% example %}}\n### Managing Subnets In A Default Network ACL\n\nWithin a VPC, all Subnets must be associated with a Network ACL. In order to \"delete\" the association between a Subnet and a non-default Network ACL, the association is destroyed by replacing it with an association between the Subnet and the Default ACL instead.\n\nWhen managing the Default Network ACL, you cannot \"remove\" Subnets. Instead, they must be reassigned to another Network ACL, or the Subnet itself must be destroyed. Because of these requirements, removing the `subnet_ids` attribute from the configuration of a `aws.ec2.DefaultNetworkAcl` resource may result in a reoccurring plan, until the Subnets are reassigned to another Network ACL or are destroyed.\n\nBecause Subnets are by default associated with the Default Network ACL, any non-explicit association will show up as a plan to remove the Subnet. For example: if you have a custom `aws.ec2.NetworkAcl` with two subnets attached, and you remove the `aws.ec2.NetworkAcl` resource, after successfully destroying this resource future plans will show a diff on the managed `aws.ec2.DefaultNetworkAcl`, as those two Subnets have been orphaned by the now destroyed network acl and thus adopted by the Default Network ACL. In order to avoid a reoccurring plan, they will need to be reassigned, destroyed, or added to the `subnet_ids` attribute of the `aws.ec2.DefaultNetworkAcl` entry.\n\nAs an alternative to the above, you can also specify the following lifecycle configuration in your `aws.ec2.DefaultNetworkAcl` resource:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\ndefault = aws.ec2.DefaultNetworkAcl(\"default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewDefaultNetworkAcl(ctx, \"default\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.DefaultNetworkAcl;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new DefaultNetworkAcl(\"default\");\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:ec2:DefaultNetworkAcl\n```\n{{% /example %}}\n### Removing `aws.ec2.DefaultNetworkAcl` From Your Configuration\n\nEach AWS VPC comes with a Default Network ACL that cannot be deleted. The `aws.ec2.DefaultNetworkAcl` allows you to manage this Network ACL, but the provider cannot destroy it. Removing this resource from your configuration will remove it from your statefile and management, **but will not destroy the Network ACL.** All Subnets associations and ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console.\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Default Network ACLs using the `id`. For example:\n\n```sh\n $ pulumi import aws:ec2/defaultNetworkAcl:DefaultNetworkAcl sample acl-7aaabd18\n```\n ", + "description": "Provides a resource to manage a VPC's default network ACL. This resource can manage the default network ACL of the default or a non-default VPC.\n\n\u003e **NOTE:** This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The `aws.ec2.DefaultNetworkAcl` behaves differently from normal resources. This provider does not _create_ this resource but instead attempts to \"adopt\" it into management.\n\nEvery VPC has a default network ACL that can be managed but not destroyed. When the provider first adopts the Default Network ACL, it **immediately removes all rules in the ACL**. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.\n\nThis resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diffs being shown. For these reasons, this resource is incompatible with the `aws.ec2.NetworkAclRule` resource.\n\nFor more information about Network ACLs, see the AWS Documentation on [Network ACLs][aws-network-acls].\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\nThe following config gives the Default Network ACL the same rules that AWS includes but pulls the resource under management by this provider. This means that any ACL rules added or changed will be detected as drift.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {\n defaultNetworkAclId: mainvpc.defaultNetworkAclId,\n ingress: [{\n protocol: \"-1\",\n ruleNo: 100,\n action: \"allow\",\n cidrBlock: \"0.0.0.0/0\",\n fromPort: 0,\n toPort: 0,\n }],\n egress: [{\n protocol: \"-1\",\n ruleNo: 100,\n action: \"allow\",\n cidrBlock: \"0.0.0.0/0\",\n fromPort: 0,\n toPort: 0,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultNetworkAcl(\"default\",\n default_network_acl_id=mainvpc.default_network_acl_id,\n ingress=[aws.ec2.DefaultNetworkAclIngressArgs(\n protocol=\"-1\",\n rule_no=100,\n action=\"allow\",\n cidr_block=\"0.0.0.0/0\",\n from_port=0,\n to_port=0,\n )],\n egress=[aws.ec2.DefaultNetworkAclEgressArgs(\n protocol=\"-1\",\n rule_no=100,\n action=\"allow\",\n cidr_block=\"0.0.0.0/0\",\n from_port=0,\n to_port=0,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\", new()\n {\n DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs\n {\n Protocol = \"-1\",\n RuleNo = 100,\n Action = \"allow\",\n CidrBlock = \"0.0.0.0/0\",\n FromPort = 0,\n ToPort = 0,\n },\n },\n Egress = new[]\n {\n new Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs\n {\n Protocol = \"-1\",\n RuleNo = 100,\n Action = \"allow\",\n CidrBlock = \"0.0.0.0/0\",\n FromPort = 0,\n ToPort = 0,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultNetworkAcl(ctx, \"default\", \u0026ec2.DefaultNetworkAclArgs{\n\t\t\tDefaultNetworkAclId: mainvpc.DefaultNetworkAclId,\n\t\t\tIngress: ec2.DefaultNetworkAclIngressArray{\n\t\t\t\t\u0026ec2.DefaultNetworkAclIngressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tRuleNo: pulumi.Int(100),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: pulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEgress: ec2.DefaultNetworkAclEgressArray{\n\t\t\t\t\u0026ec2.DefaultNetworkAclEgressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tRuleNo: pulumi.Int(100),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: pulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example: Deny All Egress Traffic, Allow Ingress\n\nThe following denies all Egress traffic by omitting any `egress` rules, while including the default `ingress` rule to allow all traffic.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {\n defaultNetworkAclId: mainvpc.defaultNetworkAclId,\n ingress: [{\n protocol: \"-1\",\n ruleNo: 100,\n action: \"allow\",\n cidrBlock: aws_default_vpc.mainvpc.cidr_block,\n fromPort: 0,\n toPort: 0,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultNetworkAcl(\"default\",\n default_network_acl_id=mainvpc.default_network_acl_id,\n ingress=[aws.ec2.DefaultNetworkAclIngressArgs(\n protocol=\"-1\",\n rule_no=100,\n action=\"allow\",\n cidr_block=aws_default_vpc[\"mainvpc\"][\"cidr_block\"],\n from_port=0,\n to_port=0,\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\", new()\n {\n DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs\n {\n Protocol = \"-1\",\n RuleNo = 100,\n Action = \"allow\",\n CidrBlock = aws_default_vpc.Mainvpc.Cidr_block,\n FromPort = 0,\n ToPort = 0,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultNetworkAcl(ctx, \"default\", \u0026ec2.DefaultNetworkAclArgs{\n\t\t\tDefaultNetworkAclId: mainvpc.DefaultNetworkAclId,\n\t\t\tIngress: ec2.DefaultNetworkAclIngressArray{\n\t\t\t\t\u0026ec2.DefaultNetworkAclIngressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tRuleNo: pulumi.Int(100),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: pulumi.Any(aws_default_vpc.Mainvpc.Cidr_block),\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example: Deny All Traffic To Any Subnet In The Default Network ACL\n\nThis config denies all traffic in the Default ACL. This can be useful if you want to lock down the VPC to force all resources to assign a non-default ACL.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {defaultNetworkAclId: mainvpc.defaultNetworkAclId});\n// no rules defined, deny all traffic in this ACL\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultNetworkAcl(\"default\", default_network_acl_id=mainvpc.default_network_acl_id)\n# no rules defined, deny all traffic in this ACL\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\", new()\n {\n DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,\n });\n\n // no rules defined, deny all traffic in this ACL\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultNetworkAcl(ctx, \"default\", \u0026ec2.DefaultNetworkAclArgs{\n\t\t\tDefaultNetworkAclId: mainvpc.DefaultNetworkAclId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.DefaultNetworkAcl;\nimport com.pulumi.aws.ec2.DefaultNetworkAclArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mainvpc = new Vpc(\"mainvpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n var default_ = new DefaultNetworkAcl(\"default\", DefaultNetworkAclArgs.builder() \n .defaultNetworkAclId(mainvpc.defaultNetworkAclId())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mainvpc:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n default:\n type: aws:ec2:DefaultNetworkAcl\n properties:\n defaultNetworkAclId: ${mainvpc.defaultNetworkAclId}\n```\n{{% /example %}}\n{{% example %}}\n### Managing Subnets In A Default Network ACL\n\nWithin a VPC, all Subnets must be associated with a Network ACL. In order to \"delete\" the association between a Subnet and a non-default Network ACL, the association is destroyed by replacing it with an association between the Subnet and the Default ACL instead.\n\nWhen managing the Default Network ACL, you cannot \"remove\" Subnets. Instead, they must be reassigned to another Network ACL, or the Subnet itself must be destroyed. Because of these requirements, removing the `subnet_ids` attribute from the configuration of a `aws.ec2.DefaultNetworkAcl` resource may result in a reoccurring plan, until the Subnets are reassigned to another Network ACL or are destroyed.\n\nBecause Subnets are by default associated with the Default Network ACL, any non-explicit association will show up as a plan to remove the Subnet. For example: if you have a custom `aws.ec2.NetworkAcl` with two subnets attached, and you remove the `aws.ec2.NetworkAcl` resource, after successfully destroying this resource future plans will show a diff on the managed `aws.ec2.DefaultNetworkAcl`, as those two Subnets have been orphaned by the now destroyed network acl and thus adopted by the Default Network ACL. In order to avoid a reoccurring plan, they will need to be reassigned, destroyed, or added to the `subnet_ids` attribute of the `aws.ec2.DefaultNetworkAcl` entry.\n\nAs an alternative to the above, you can also specify the following lifecycle configuration in your `aws.ec2.DefaultNetworkAcl` resource:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\ndefault = aws.ec2.DefaultNetworkAcl(\"default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\t_, err := ec2.NewDefaultNetworkAcl(ctx, \"default\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.DefaultNetworkAcl;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new DefaultNetworkAcl(\"default\");\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:ec2:DefaultNetworkAcl\n```\n{{% /example %}}\n### Removing `aws.ec2.DefaultNetworkAcl` From Your Configuration\n\nEach AWS VPC comes with a Default Network ACL that cannot be deleted. The `aws.ec2.DefaultNetworkAcl` allows you to manage this Network ACL, but the provider cannot destroy it. Removing this resource from your configuration will remove it from your statefile and management, **but will not destroy the Network ACL.** All Subnets associations and ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console.\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Default Network ACLs using the `id`. For example:\n\n```sh\n $ pulumi import aws:ec2/defaultNetworkAcl:DefaultNetworkAcl sample acl-7aaabd18\n```\n ", "properties": { "arn": { "type": "string", @@ -209763,7 +209763,7 @@ } }, "aws:ec2/imageBlockPublicAccess:ImageBlockPublicAccess": { - "description": "Provides a regional public access block for AMIs. This prevents AMIs from being made publicly accessible.\nIf you already have public AMIs, they will remain publicly available.\n\n\u003e **NOTE:** Deleting this resource does not change the block public access value, the resource in simply removed from state instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Prevent making AMIs publicly accessible in the region and account for which the provider is configured\nconst test = new aws.ec2.ImageBlockPublicAccess(\"test\", {state: \"block-new-sharing\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Prevent making AMIs publicly accessible in the region and account for which the provider is configured\ntest = aws.ec2.ImageBlockPublicAccess(\"test\", state=\"block-new-sharing\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Prevent making AMIs publicly accessible in the region and account for which the provider is configured\n var test = new Aws.Ec2.ImageBlockPublicAccess(\"test\", new()\n {\n State = \"block-new-sharing\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewImageBlockPublicAccess(ctx, \"test\", \u0026ec2.ImageBlockPublicAccessArgs{\n\t\t\tState: pulumi.String(\"block-new-sharing\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.ImageBlockPublicAccess;\nimport com.pulumi.aws.ec2.ImageBlockPublicAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new ImageBlockPublicAccess(\"test\", ImageBlockPublicAccessArgs.builder() \n .state(\"block-new-sharing\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Prevent making AMIs publicly accessible in the region and account for which the provider is configured\n test:\n type: aws:ec2:ImageBlockPublicAccess\n properties:\n state: block-new-sharing\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nYou cannot import this resource.\n\n ", + "description": "Provides a regional public access block for AMIs. This prevents AMIs from being made publicly accessible.\nIf you already have public AMIs, they will remain publicly available.\n\n\u003e **NOTE:** Deleting this resource does not change the block public access value, the resource in simply removed from state instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Prevent making AMIs publicly accessible in the region and account for which the provider is configured\nconst test = new aws.ec2.ImageBlockPublicAccess(\"test\", {state: \"block-new-sharing\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Prevent making AMIs publicly accessible in the region and account for which the provider is configured\ntest = aws.ec2.ImageBlockPublicAccess(\"test\", state=\"block-new-sharing\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Prevent making AMIs publicly accessible in the region and account for which the provider is configured\n var test = new Aws.Ec2.ImageBlockPublicAccess(\"test\", new()\n {\n State = \"block-new-sharing\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Prevent making AMIs publicly accessible in the region and account for which the provider is configured\n\t\t_, err := ec2.NewImageBlockPublicAccess(ctx, \"test\", \u0026ec2.ImageBlockPublicAccessArgs{\n\t\t\tState: pulumi.String(\"block-new-sharing\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.ImageBlockPublicAccess;\nimport com.pulumi.aws.ec2.ImageBlockPublicAccessArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new ImageBlockPublicAccess(\"test\", ImageBlockPublicAccessArgs.builder() \n .state(\"block-new-sharing\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Prevent making AMIs publicly accessible in the region and account for which the provider is configured\n test:\n type: aws:ec2:ImageBlockPublicAccess\n properties:\n state: block-new-sharing\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nYou cannot import this resource.\n\n ", "properties": { "state": { "type": "string", @@ -210719,7 +210719,7 @@ "additionalProperties": { "type": "string" }, - "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n\n\u003e **Note:** It's recommended to denote that the AWS Instance or Elastic IP depends on the Internet Gateway. For example:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst gw = new aws.ec2.InternetGateway(\"gw\", {vpcId: aws_vpc.main.id});\n// ... other arguments ...\nconst foo = new aws.ec2.Instance(\"foo\", {}, {\n dependsOn: [gw],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngw = aws.ec2.InternetGateway(\"gw\", vpc_id=aws_vpc[\"main\"][\"id\"])\n# ... other arguments ...\nfoo = aws.ec2.Instance(\"foo\", opts=pulumi.ResourceOptions(depends_on=[gw]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new()\n {\n VpcId = aws_vpc.Main.Id,\n });\n\n // ... other arguments ...\n var foo = new Aws.Ec2.Instance(\"foo\", new()\n {\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n gw,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgw, err := ec2.NewInternetGateway(ctx, \"gw\", \u0026ec2.InternetGatewayArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"foo\", nil, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.InternetGateway;\nimport com.pulumi.aws.ec2.InternetGatewayArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gw = new InternetGateway(\"gw\", InternetGatewayArgs.builder() \n .vpcId(aws_vpc.main().id())\n .build());\n\n var foo = new Instance(\"foo\", InstanceArgs.Empty, CustomResourceOptions.builder()\n .dependsOn(gw)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gw:\n type: aws:ec2:InternetGateway\n properties:\n vpcId: ${aws_vpc.main.id}\n foo:\n type: aws:ec2:Instance\n options:\n dependson:\n - ${gw}\n```\n" + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n\n\u003e **Note:** It's recommended to denote that the AWS Instance or Elastic IP depends on the Internet Gateway. For example:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst gw = new aws.ec2.InternetGateway(\"gw\", {vpcId: aws_vpc.main.id});\n// ... other arguments ...\nconst foo = new aws.ec2.Instance(\"foo\", {}, {\n dependsOn: [gw],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngw = aws.ec2.InternetGateway(\"gw\", vpc_id=aws_vpc[\"main\"][\"id\"])\n# ... other arguments ...\nfoo = aws.ec2.Instance(\"foo\", opts=pulumi.ResourceOptions(depends_on=[gw]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new()\n {\n VpcId = aws_vpc.Main.Id,\n });\n\n // ... other arguments ...\n var foo = new Aws.Ec2.Instance(\"foo\", new()\n {\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n gw,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgw, err := ec2.NewInternetGateway(ctx, \"gw\", \u0026ec2.InternetGatewayArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ... other arguments ...\n\t\t_, err = ec2.NewInstance(ctx, \"foo\", nil, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.InternetGateway;\nimport com.pulumi.aws.ec2.InternetGatewayArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gw = new InternetGateway(\"gw\", InternetGatewayArgs.builder() \n .vpcId(aws_vpc.main().id())\n .build());\n\n var foo = new Instance(\"foo\", InstanceArgs.Empty, CustomResourceOptions.builder()\n .dependsOn(gw)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gw:\n type: aws:ec2:InternetGateway\n properties:\n vpcId: ${aws_vpc.main.id}\n foo:\n type: aws:ec2:Instance\n options:\n dependson:\n - ${gw}\n```\n" }, "tagsAll": { "type": "object", @@ -210747,7 +210747,7 @@ "additionalProperties": { "type": "string" }, - "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n\n\u003e **Note:** It's recommended to denote that the AWS Instance or Elastic IP depends on the Internet Gateway. For example:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst gw = new aws.ec2.InternetGateway(\"gw\", {vpcId: aws_vpc.main.id});\n// ... other arguments ...\nconst foo = new aws.ec2.Instance(\"foo\", {}, {\n dependsOn: [gw],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngw = aws.ec2.InternetGateway(\"gw\", vpc_id=aws_vpc[\"main\"][\"id\"])\n# ... other arguments ...\nfoo = aws.ec2.Instance(\"foo\", opts=pulumi.ResourceOptions(depends_on=[gw]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new()\n {\n VpcId = aws_vpc.Main.Id,\n });\n\n // ... other arguments ...\n var foo = new Aws.Ec2.Instance(\"foo\", new()\n {\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n gw,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgw, err := ec2.NewInternetGateway(ctx, \"gw\", \u0026ec2.InternetGatewayArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"foo\", nil, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.InternetGateway;\nimport com.pulumi.aws.ec2.InternetGatewayArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gw = new InternetGateway(\"gw\", InternetGatewayArgs.builder() \n .vpcId(aws_vpc.main().id())\n .build());\n\n var foo = new Instance(\"foo\", InstanceArgs.Empty, CustomResourceOptions.builder()\n .dependsOn(gw)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gw:\n type: aws:ec2:InternetGateway\n properties:\n vpcId: ${aws_vpc.main.id}\n foo:\n type: aws:ec2:Instance\n options:\n dependson:\n - ${gw}\n```\n" + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n\n\u003e **Note:** It's recommended to denote that the AWS Instance or Elastic IP depends on the Internet Gateway. For example:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst gw = new aws.ec2.InternetGateway(\"gw\", {vpcId: aws_vpc.main.id});\n// ... other arguments ...\nconst foo = new aws.ec2.Instance(\"foo\", {}, {\n dependsOn: [gw],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngw = aws.ec2.InternetGateway(\"gw\", vpc_id=aws_vpc[\"main\"][\"id\"])\n# ... other arguments ...\nfoo = aws.ec2.Instance(\"foo\", opts=pulumi.ResourceOptions(depends_on=[gw]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new()\n {\n VpcId = aws_vpc.Main.Id,\n });\n\n // ... other arguments ...\n var foo = new Aws.Ec2.Instance(\"foo\", new()\n {\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n gw,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgw, err := ec2.NewInternetGateway(ctx, \"gw\", \u0026ec2.InternetGatewayArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ... other arguments ...\n\t\t_, err = ec2.NewInstance(ctx, \"foo\", nil, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.InternetGateway;\nimport com.pulumi.aws.ec2.InternetGatewayArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gw = new InternetGateway(\"gw\", InternetGatewayArgs.builder() \n .vpcId(aws_vpc.main().id())\n .build());\n\n var foo = new Instance(\"foo\", InstanceArgs.Empty, CustomResourceOptions.builder()\n .dependsOn(gw)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gw:\n type: aws:ec2:InternetGateway\n properties:\n vpcId: ${aws_vpc.main.id}\n foo:\n type: aws:ec2:Instance\n options:\n dependson:\n - ${gw}\n```\n" }, "vpcId": { "type": "string", @@ -210770,7 +210770,7 @@ "additionalProperties": { "type": "string" }, - "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n\n\u003e **Note:** It's recommended to denote that the AWS Instance or Elastic IP depends on the Internet Gateway. For example:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst gw = new aws.ec2.InternetGateway(\"gw\", {vpcId: aws_vpc.main.id});\n// ... other arguments ...\nconst foo = new aws.ec2.Instance(\"foo\", {}, {\n dependsOn: [gw],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngw = aws.ec2.InternetGateway(\"gw\", vpc_id=aws_vpc[\"main\"][\"id\"])\n# ... other arguments ...\nfoo = aws.ec2.Instance(\"foo\", opts=pulumi.ResourceOptions(depends_on=[gw]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new()\n {\n VpcId = aws_vpc.Main.Id,\n });\n\n // ... other arguments ...\n var foo = new Aws.Ec2.Instance(\"foo\", new()\n {\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n gw,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgw, err := ec2.NewInternetGateway(ctx, \"gw\", \u0026ec2.InternetGatewayArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"foo\", nil, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.InternetGateway;\nimport com.pulumi.aws.ec2.InternetGatewayArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gw = new InternetGateway(\"gw\", InternetGatewayArgs.builder() \n .vpcId(aws_vpc.main().id())\n .build());\n\n var foo = new Instance(\"foo\", InstanceArgs.Empty, CustomResourceOptions.builder()\n .dependsOn(gw)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gw:\n type: aws:ec2:InternetGateway\n properties:\n vpcId: ${aws_vpc.main.id}\n foo:\n type: aws:ec2:Instance\n options:\n dependson:\n - ${gw}\n```\n" + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n\n\u003e **Note:** It's recommended to denote that the AWS Instance or Elastic IP depends on the Internet Gateway. For example:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst gw = new aws.ec2.InternetGateway(\"gw\", {vpcId: aws_vpc.main.id});\n// ... other arguments ...\nconst foo = new aws.ec2.Instance(\"foo\", {}, {\n dependsOn: [gw],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngw = aws.ec2.InternetGateway(\"gw\", vpc_id=aws_vpc[\"main\"][\"id\"])\n# ... other arguments ...\nfoo = aws.ec2.Instance(\"foo\", opts=pulumi.ResourceOptions(depends_on=[gw]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new()\n {\n VpcId = aws_vpc.Main.Id,\n });\n\n // ... other arguments ...\n var foo = new Aws.Ec2.Instance(\"foo\", new()\n {\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n gw,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgw, err := ec2.NewInternetGateway(ctx, \"gw\", \u0026ec2.InternetGatewayArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ... other arguments ...\n\t\t_, err = ec2.NewInstance(ctx, \"foo\", nil, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.InternetGateway;\nimport com.pulumi.aws.ec2.InternetGatewayArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gw = new InternetGateway(\"gw\", InternetGatewayArgs.builder() \n .vpcId(aws_vpc.main().id())\n .build());\n\n var foo = new Instance(\"foo\", InstanceArgs.Empty, CustomResourceOptions.builder()\n .dependsOn(gw)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n gw:\n type: aws:ec2:InternetGateway\n properties:\n vpcId: ${aws_vpc.main.id}\n foo:\n type: aws:ec2:Instance\n options:\n dependson:\n - ${gw}\n```\n" }, "tagsAll": { "type": "object", @@ -213842,7 +213842,7 @@ } }, "aws:ec2/peeringConnectionOptions:PeeringConnectionOptions": { - "description": "Provides a resource to manage VPC peering connection options.\n\n\u003e **NOTE on VPC Peering Connections and VPC Peering Connection Options:** This provider provides\nboth a standalone VPC Peering Connection Options and a VPC Peering Connection\nresource with `accepter` and `requester` attributes. Do not manage options for the same VPC peering\nconnection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource.\nDoing so will cause a conflict of options and will overwrite the options.\nUsing a VPC Peering Connection Options resource decouples management of the connection options from\nmanagement of the VPC Peering Connection and allows options to be set correctly in cross-region and\ncross-account scenarios.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooVpc = new aws.ec2.Vpc(\"fooVpc\", {cidrBlock: \"10.0.0.0/16\"});\nconst bar = new aws.ec2.Vpc(\"bar\", {cidrBlock: \"10.1.0.0/16\"});\nconst fooVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\", {\n vpcId: fooVpc.id,\n peerVpcId: bar.id,\n autoAccept: true,\n});\nconst fooPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"fooPeeringConnectionOptions\", {\n vpcPeeringConnectionId: fooVpcPeeringConnection.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_vpc = aws.ec2.Vpc(\"fooVpc\", cidr_block=\"10.0.0.0/16\")\nbar = aws.ec2.Vpc(\"bar\", cidr_block=\"10.1.0.0/16\")\nfoo_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\",\n vpc_id=foo_vpc.id,\n peer_vpc_id=bar.id,\n auto_accept=True)\nfoo_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"fooPeeringConnectionOptions\",\n vpc_peering_connection_id=foo_vpc_peering_connection.id,\n accepter=aws.ec2.PeeringConnectionOptionsAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooVpc = new Aws.Ec2.Vpc(\"fooVpc\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var bar = new Aws.Ec2.Vpc(\"bar\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var fooVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\", new()\n {\n VpcId = fooVpc.Id,\n PeerVpcId = bar.Id,\n AutoAccept = true,\n });\n\n var fooPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"fooPeeringConnectionOptions\", new()\n {\n VpcPeeringConnectionId = fooVpcPeeringConnection.Id,\n Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooVpc, err := ec2.NewVpc(ctx, \"fooVpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewVpc(ctx, \"bar\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"fooVpcPeeringConnection\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tPeerVpcId: bar.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"fooPeeringConnectionOptions\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: fooVpcPeeringConnection.ID(),\n\t\t\tAccepter: \u0026ec2.PeeringConnectionOptionsAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.PeeringConnectionOptions;\nimport com.pulumi.aws.ec2.PeeringConnectionOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooVpc = new Vpc(\"fooVpc\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var bar = new Vpc(\"bar\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n var fooVpcPeeringConnection = new VpcPeeringConnection(\"fooVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(fooVpc.id())\n .peerVpcId(bar.id())\n .autoAccept(true)\n .build());\n\n var fooPeeringConnectionOptions = new PeeringConnectionOptions(\"fooPeeringConnectionOptions\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(fooVpcPeeringConnection.id())\n .accepter(PeeringConnectionOptionsAccepterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooVpc:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n bar:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n fooVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n properties:\n vpcId: ${fooVpc.id}\n peerVpcId: ${bar.id}\n autoAccept: true\n fooPeeringConnectionOptions:\n type: aws:ec2:PeeringConnectionOptions\n properties:\n vpcPeeringConnectionId: ${fooVpcPeeringConnection.id}\n accepter:\n allowRemoteVpcDnsResolution: true\n```\n{{% /example %}}\n{{% example %}}\n### Cross-Account Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst requester = new aws.Provider(\"requester\", {});\n// Requester's credentials.\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst main = new aws.ec2.Vpc(\"main\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n}, {\n provider: aws.requester,\n});\nconst peerVpc = new aws.ec2.Vpc(\"peerVpc\", {\n cidrBlock: \"10.1.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n}, {\n provider: aws.accepter,\n});\nconst peerCallerIdentity = aws.getCallerIdentity({});\n// Requester's side of the connection.\nconst peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", {\n vpcId: main.id,\n peerVpcId: peerVpc.id,\n peerOwnerId: peerCallerIdentity.then(peerCallerIdentity =\u003e peerCallerIdentity.accountId),\n autoAccept: false,\n tags: {\n Side: \"Requester\",\n },\n}, {\n provider: aws.requester,\n});\n// Accepter's side of the connection.\nconst peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", {\n vpcPeeringConnectionId: peerVpcPeeringConnection.id,\n autoAccept: true,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\nconst requesterPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"requesterPeeringConnectionOptions\", {\n vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,\n requester: {\n allowRemoteVpcDnsResolution: true,\n },\n}, {\n provider: aws.requester,\n});\nconst accepterPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"accepterPeeringConnectionOptions\", {\n vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrequester = aws.Provider(\"requester\")\n# Requester's credentials.\naccepter = aws.Provider(\"accepter\")\n# Accepter's credentials.\nmain = aws.ec2.Vpc(\"main\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True,\n opts=pulumi.ResourceOptions(provider=aws[\"requester\"]))\npeer_vpc = aws.ec2.Vpc(\"peerVpc\",\n cidr_block=\"10.1.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True,\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\npeer_caller_identity = aws.get_caller_identity()\n# Requester's side of the connection.\npeer_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\",\n vpc_id=main.id,\n peer_vpc_id=peer_vpc.id,\n peer_owner_id=peer_caller_identity.account_id,\n auto_accept=False,\n tags={\n \"Side\": \"Requester\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"requester\"]))\n# Accepter's side of the connection.\npeer_vpc_peering_connection_accepter = aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\",\n vpc_peering_connection_id=peer_vpc_peering_connection.id,\n auto_accept=True,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\nrequester_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"requesterPeeringConnectionOptions\",\n vpc_peering_connection_id=peer_vpc_peering_connection_accepter.id,\n requester=aws.ec2.PeeringConnectionOptionsRequesterArgs(\n allow_remote_vpc_dns_resolution=True,\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"requester\"]))\naccepter_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"accepterPeeringConnectionOptions\",\n vpc_peering_connection_id=peer_vpc_peering_connection_accepter.id,\n accepter=aws.ec2.PeeringConnectionOptionsAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var requester = new Aws.Provider(\"requester\");\n\n // Requester's credentials.\n var accepter = new Aws.Provider(\"accepter\");\n\n // Accepter's credentials.\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n }, new CustomResourceOptions\n {\n Provider = aws.Requester,\n });\n\n var peerVpc = new Aws.Ec2.Vpc(\"peerVpc\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n var peerCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n // Requester's side of the connection.\n var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", new()\n {\n VpcId = main.Id,\n PeerVpcId = peerVpc.Id,\n PeerOwnerId = peerCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n AutoAccept = false,\n Tags = \n {\n { \"Side\", \"Requester\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Requester,\n });\n\n // Accepter's side of the connection.\n var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnection.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n var requesterPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"requesterPeeringConnectionOptions\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,\n Requester = new Aws.Ec2.Inputs.PeeringConnectionOptionsRequesterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Requester,\n });\n\n var accepterPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"accepterPeeringConnectionOptions\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,\n Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"requester\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewProvider(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t}, pulumi.Provider(aws.Requester))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpc, err := ec2.NewVpc(ctx, \"peerVpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"peerVpcPeeringConnection\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tPeerVpcId: peerVpc.ID(),\n\t\t\tPeerOwnerId: *pulumi.String(peerCallerIdentity.AccountId),\n\t\t\tAutoAccept: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Requester\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Requester))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpcPeeringConnectionAccepter, err := ec2.NewVpcPeeringConnectionAccepter(ctx, \"peerVpcPeeringConnectionAccepter\", \u0026ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnection.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"requesterPeeringConnectionOptions\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.ID(),\n\t\t\tRequester: \u0026ec2.PeeringConnectionOptionsRequesterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Requester))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"accepterPeeringConnectionOptions\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.ID(),\n\t\t\tAccepter: \u0026ec2.PeeringConnectionOptionsAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepter;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepterArgs;\nimport com.pulumi.aws.ec2.PeeringConnectionOptions;\nimport com.pulumi.aws.ec2.PeeringConnectionOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsRequesterArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsAccepterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var requester = new Provider(\"requester\");\n\n var accepter = new Provider(\"accepter\");\n\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .enableDnsSupport(true)\n .enableDnsHostnames(true)\n .build(), CustomResourceOptions.builder()\n .provider(aws.requester())\n .build());\n\n var peerVpc = new Vpc(\"peerVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .enableDnsSupport(true)\n .enableDnsHostnames(true)\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n final var peerCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var peerVpcPeeringConnection = new VpcPeeringConnection(\"peerVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(main.id())\n .peerVpcId(peerVpc.id())\n .peerOwnerId(peerCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .autoAccept(false)\n .tags(Map.of(\"Side\", \"Requester\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.requester())\n .build());\n\n var peerVpcPeeringConnectionAccepter = new VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", VpcPeeringConnectionAccepterArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnection.id())\n .autoAccept(true)\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n var requesterPeeringConnectionOptions = new PeeringConnectionOptions(\"requesterPeeringConnectionOptions\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnectionAccepter.id())\n .requester(PeeringConnectionOptionsRequesterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.requester())\n .build());\n\n var accepterPeeringConnectionOptions = new PeeringConnectionOptions(\"accepterPeeringConnectionOptions\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnectionAccepter.id())\n .accepter(PeeringConnectionOptionsAccepterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n requester:\n type: pulumi:providers:aws\n accepter:\n type: pulumi:providers:aws\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n enableDnsSupport: true\n enableDnsHostnames: true\n options:\n provider: ${aws.requester}\n peerVpc:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n enableDnsSupport: true\n enableDnsHostnames: true\n options:\n provider: ${aws.accepter}\n # Requester's side of the connection.\n peerVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n properties:\n vpcId: ${main.id}\n peerVpcId: ${peerVpc.id}\n peerOwnerId: ${peerCallerIdentity.accountId}\n autoAccept: false\n tags:\n Side: Requester\n options:\n provider: ${aws.requester}\n # Accepter's side of the connection.\n peerVpcPeeringConnectionAccepter:\n type: aws:ec2:VpcPeeringConnectionAccepter\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnection.id}\n autoAccept: true\n tags:\n Side: Accepter\n options:\n provider: ${aws.accepter}\n requesterPeeringConnectionOptions:\n type: aws:ec2:PeeringConnectionOptions\n properties:\n # As options can't be set until the connection has been accepted\n # # create an explicit dependency on the accepter.\n vpcPeeringConnectionId: ${peerVpcPeeringConnectionAccepter.id}\n requester:\n allowRemoteVpcDnsResolution: true\n options:\n provider: ${aws.requester}\n accepterPeeringConnectionOptions:\n type: aws:ec2:PeeringConnectionOptions\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnectionAccepter.id}\n accepter:\n allowRemoteVpcDnsResolution: true\n options:\n provider: ${aws.accepter}\nvariables:\n peerCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import VPC Peering Connection Options using the VPC peering `id`. For example:\n\n```sh\n $ pulumi import aws:ec2/peeringConnectionOptions:PeeringConnectionOptions foo pcx-111aaa111\n```\n ", + "description": "Provides a resource to manage VPC peering connection options.\n\n\u003e **NOTE on VPC Peering Connections and VPC Peering Connection Options:** This provider provides\nboth a standalone VPC Peering Connection Options and a VPC Peering Connection\nresource with `accepter` and `requester` attributes. Do not manage options for the same VPC peering\nconnection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource.\nDoing so will cause a conflict of options and will overwrite the options.\nUsing a VPC Peering Connection Options resource decouples management of the connection options from\nmanagement of the VPC Peering Connection and allows options to be set correctly in cross-region and\ncross-account scenarios.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooVpc = new aws.ec2.Vpc(\"fooVpc\", {cidrBlock: \"10.0.0.0/16\"});\nconst bar = new aws.ec2.Vpc(\"bar\", {cidrBlock: \"10.1.0.0/16\"});\nconst fooVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\", {\n vpcId: fooVpc.id,\n peerVpcId: bar.id,\n autoAccept: true,\n});\nconst fooPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"fooPeeringConnectionOptions\", {\n vpcPeeringConnectionId: fooVpcPeeringConnection.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_vpc = aws.ec2.Vpc(\"fooVpc\", cidr_block=\"10.0.0.0/16\")\nbar = aws.ec2.Vpc(\"bar\", cidr_block=\"10.1.0.0/16\")\nfoo_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\",\n vpc_id=foo_vpc.id,\n peer_vpc_id=bar.id,\n auto_accept=True)\nfoo_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"fooPeeringConnectionOptions\",\n vpc_peering_connection_id=foo_vpc_peering_connection.id,\n accepter=aws.ec2.PeeringConnectionOptionsAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooVpc = new Aws.Ec2.Vpc(\"fooVpc\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var bar = new Aws.Ec2.Vpc(\"bar\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n\n var fooVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\", new()\n {\n VpcId = fooVpc.Id,\n PeerVpcId = bar.Id,\n AutoAccept = true,\n });\n\n var fooPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"fooPeeringConnectionOptions\", new()\n {\n VpcPeeringConnectionId = fooVpcPeeringConnection.Id,\n Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooVpc, err := ec2.NewVpc(ctx, \"fooVpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewVpc(ctx, \"bar\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"fooVpcPeeringConnection\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tPeerVpcId: bar.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"fooPeeringConnectionOptions\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: fooVpcPeeringConnection.ID(),\n\t\t\tAccepter: \u0026ec2.PeeringConnectionOptionsAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.PeeringConnectionOptions;\nimport com.pulumi.aws.ec2.PeeringConnectionOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsAccepterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooVpc = new Vpc(\"fooVpc\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var bar = new Vpc(\"bar\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build());\n\n var fooVpcPeeringConnection = new VpcPeeringConnection(\"fooVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(fooVpc.id())\n .peerVpcId(bar.id())\n .autoAccept(true)\n .build());\n\n var fooPeeringConnectionOptions = new PeeringConnectionOptions(\"fooPeeringConnectionOptions\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(fooVpcPeeringConnection.id())\n .accepter(PeeringConnectionOptionsAccepterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooVpc:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n bar:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n fooVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n properties:\n vpcId: ${fooVpc.id}\n peerVpcId: ${bar.id}\n autoAccept: true\n fooPeeringConnectionOptions:\n type: aws:ec2:PeeringConnectionOptions\n properties:\n vpcPeeringConnectionId: ${fooVpcPeeringConnection.id}\n accepter:\n allowRemoteVpcDnsResolution: true\n```\n{{% /example %}}\n{{% example %}}\n### Cross-Account Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst requester = new aws.Provider(\"requester\", {});\n// Requester's credentials.\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst main = new aws.ec2.Vpc(\"main\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n}, {\n provider: aws.requester,\n});\nconst peerVpc = new aws.ec2.Vpc(\"peerVpc\", {\n cidrBlock: \"10.1.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n}, {\n provider: aws.accepter,\n});\nconst peerCallerIdentity = aws.getCallerIdentity({});\n// Requester's side of the connection.\nconst peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", {\n vpcId: main.id,\n peerVpcId: peerVpc.id,\n peerOwnerId: peerCallerIdentity.then(peerCallerIdentity =\u003e peerCallerIdentity.accountId),\n autoAccept: false,\n tags: {\n Side: \"Requester\",\n },\n}, {\n provider: aws.requester,\n});\n// Accepter's side of the connection.\nconst peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", {\n vpcPeeringConnectionId: peerVpcPeeringConnection.id,\n autoAccept: true,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\nconst requesterPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"requesterPeeringConnectionOptions\", {\n vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,\n requester: {\n allowRemoteVpcDnsResolution: true,\n },\n}, {\n provider: aws.requester,\n});\nconst accepterPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"accepterPeeringConnectionOptions\", {\n vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrequester = aws.Provider(\"requester\")\n# Requester's credentials.\naccepter = aws.Provider(\"accepter\")\n# Accepter's credentials.\nmain = aws.ec2.Vpc(\"main\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True,\n opts=pulumi.ResourceOptions(provider=aws[\"requester\"]))\npeer_vpc = aws.ec2.Vpc(\"peerVpc\",\n cidr_block=\"10.1.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True,\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\npeer_caller_identity = aws.get_caller_identity()\n# Requester's side of the connection.\npeer_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\",\n vpc_id=main.id,\n peer_vpc_id=peer_vpc.id,\n peer_owner_id=peer_caller_identity.account_id,\n auto_accept=False,\n tags={\n \"Side\": \"Requester\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"requester\"]))\n# Accepter's side of the connection.\npeer_vpc_peering_connection_accepter = aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\",\n vpc_peering_connection_id=peer_vpc_peering_connection.id,\n auto_accept=True,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\nrequester_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"requesterPeeringConnectionOptions\",\n vpc_peering_connection_id=peer_vpc_peering_connection_accepter.id,\n requester=aws.ec2.PeeringConnectionOptionsRequesterArgs(\n allow_remote_vpc_dns_resolution=True,\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"requester\"]))\naccepter_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"accepterPeeringConnectionOptions\",\n vpc_peering_connection_id=peer_vpc_peering_connection_accepter.id,\n accepter=aws.ec2.PeeringConnectionOptionsAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var requester = new Aws.Provider(\"requester\");\n\n // Requester's credentials.\n var accepter = new Aws.Provider(\"accepter\");\n\n // Accepter's credentials.\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n }, new CustomResourceOptions\n {\n Provider = aws.Requester,\n });\n\n var peerVpc = new Aws.Ec2.Vpc(\"peerVpc\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n var peerCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n // Requester's side of the connection.\n var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", new()\n {\n VpcId = main.Id,\n PeerVpcId = peerVpc.Id,\n PeerOwnerId = peerCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n AutoAccept = false,\n Tags = \n {\n { \"Side\", \"Requester\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Requester,\n });\n\n // Accepter's side of the connection.\n var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnection.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n var requesterPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"requesterPeeringConnectionOptions\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,\n Requester = new Aws.Ec2.Inputs.PeeringConnectionOptionsRequesterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Requester,\n });\n\n var accepterPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"accepterPeeringConnectionOptions\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,\n Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"requester\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewProvider(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t}, pulumi.Provider(aws.Requester))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpc, err := ec2.NewVpc(ctx, \"peerVpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Requester's side of the connection.\n\t\tpeerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"peerVpcPeeringConnection\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tPeerVpcId: peerVpc.ID(),\n\t\t\tPeerOwnerId: *pulumi.String(peerCallerIdentity.AccountId),\n\t\t\tAutoAccept: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Requester\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Requester))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the connection.\n\t\tpeerVpcPeeringConnectionAccepter, err := ec2.NewVpcPeeringConnectionAccepter(ctx, \"peerVpcPeeringConnectionAccepter\", \u0026ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnection.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"requesterPeeringConnectionOptions\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.ID(),\n\t\t\tRequester: \u0026ec2.PeeringConnectionOptionsRequesterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Requester))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"accepterPeeringConnectionOptions\", \u0026ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.ID(),\n\t\t\tAccepter: \u0026ec2.PeeringConnectionOptionsAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepter;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepterArgs;\nimport com.pulumi.aws.ec2.PeeringConnectionOptions;\nimport com.pulumi.aws.ec2.PeeringConnectionOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsRequesterArgs;\nimport com.pulumi.aws.ec2.inputs.PeeringConnectionOptionsAccepterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var requester = new Provider(\"requester\");\n\n var accepter = new Provider(\"accepter\");\n\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .enableDnsSupport(true)\n .enableDnsHostnames(true)\n .build(), CustomResourceOptions.builder()\n .provider(aws.requester())\n .build());\n\n var peerVpc = new Vpc(\"peerVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .enableDnsSupport(true)\n .enableDnsHostnames(true)\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n final var peerCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var peerVpcPeeringConnection = new VpcPeeringConnection(\"peerVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(main.id())\n .peerVpcId(peerVpc.id())\n .peerOwnerId(peerCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .autoAccept(false)\n .tags(Map.of(\"Side\", \"Requester\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.requester())\n .build());\n\n var peerVpcPeeringConnectionAccepter = new VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", VpcPeeringConnectionAccepterArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnection.id())\n .autoAccept(true)\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n var requesterPeeringConnectionOptions = new PeeringConnectionOptions(\"requesterPeeringConnectionOptions\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnectionAccepter.id())\n .requester(PeeringConnectionOptionsRequesterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.requester())\n .build());\n\n var accepterPeeringConnectionOptions = new PeeringConnectionOptions(\"accepterPeeringConnectionOptions\", PeeringConnectionOptionsArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnectionAccepter.id())\n .accepter(PeeringConnectionOptionsAccepterArgs.builder()\n .allowRemoteVpcDnsResolution(true)\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.accepter())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n requester:\n type: pulumi:providers:aws\n accepter:\n type: pulumi:providers:aws\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n enableDnsSupport: true\n enableDnsHostnames: true\n options:\n provider: ${aws.requester}\n peerVpc:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n enableDnsSupport: true\n enableDnsHostnames: true\n options:\n provider: ${aws.accepter}\n # Requester's side of the connection.\n peerVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n properties:\n vpcId: ${main.id}\n peerVpcId: ${peerVpc.id}\n peerOwnerId: ${peerCallerIdentity.accountId}\n autoAccept: false\n tags:\n Side: Requester\n options:\n provider: ${aws.requester}\n # Accepter's side of the connection.\n peerVpcPeeringConnectionAccepter:\n type: aws:ec2:VpcPeeringConnectionAccepter\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnection.id}\n autoAccept: true\n tags:\n Side: Accepter\n options:\n provider: ${aws.accepter}\n requesterPeeringConnectionOptions:\n type: aws:ec2:PeeringConnectionOptions\n properties:\n # As options can't be set until the connection has been accepted\n # # create an explicit dependency on the accepter.\n vpcPeeringConnectionId: ${peerVpcPeeringConnectionAccepter.id}\n requester:\n allowRemoteVpcDnsResolution: true\n options:\n provider: ${aws.requester}\n accepterPeeringConnectionOptions:\n type: aws:ec2:PeeringConnectionOptions\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnectionAccepter.id}\n accepter:\n allowRemoteVpcDnsResolution: true\n options:\n provider: ${aws.accepter}\nvariables:\n peerCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import VPC Peering Connection Options using the VPC peering `id`. For example:\n\n```sh\n $ pulumi import aws:ec2/peeringConnectionOptions:PeeringConnectionOptions foo pcx-111aaa111\n```\n ", "properties": { "accepter": { "$ref": "#/types/aws:ec2/PeeringConnectionOptionsAccepter:PeeringConnectionOptionsAccepter", @@ -214535,7 +214535,7 @@ } }, "aws:ec2/securityGroup:SecurityGroup": { - "description": "Provides a security group resource.\n\n\u003e **NOTE on Security Groups and Security Group Rules:** This provider currently provides a Security Group resource with `ingress` and `egress` rules defined in-line and a Security Group Rule resource which manages one or more `ingress` or `egress` rules. Both of these resource were added before AWS assigned a [security group rule unique ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html), and they do not work well in all scenarios using the`description` and `tags` attributes, which rely on the unique ID. The `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources have been added to address these limitations and should be used for all new security group rules. You should not use the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources in conjunction with an `aws.ec2.SecurityGroup` resource with in-line rules or with `aws.ec2.SecurityGroupRule` resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.\n\n\u003e **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n\u003e **NOTE:** The `cidr_blocks` and `ipv6_cidr_blocks` parameters are optional in the `ingress` and `egress` blocks. If nothing is specified, traffic will be blocked as described in _NOTE on Egress rules_ later.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst allowTls = new aws.ec2.SecurityGroup(\"allowTls\", {\n description: \"Allow TLS inbound traffic and all outbound traffic\",\n vpcId: aws_vpc.main.id,\n tags: {\n Name: \"allow_tls\",\n },\n});\nconst allowTlsIpv4 = new aws.vpc.SecurityGroupIngressRule(\"allowTlsIpv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: aws_vpc.main.cidr_block,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowTlsIpv6 = new aws.vpc.SecurityGroupIngressRule(\"allowTlsIpv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: aws_vpc.main.ipv6_cidr_block,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowAllTrafficIpv4 = new aws.vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: \"0.0.0.0/0\",\n ipProtocol: \"-1\",\n});\n// semantically equivalent to all ports\nconst allowAllTrafficIpv6 = new aws.vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: \"::/0\",\n ipProtocol: \"-1\",\n});\n// semantically equivalent to all ports\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nallow_tls = aws.ec2.SecurityGroup(\"allowTls\",\n description=\"Allow TLS inbound traffic and all outbound traffic\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n tags={\n \"Name\": \"allow_tls\",\n })\nallow_tls_ipv4 = aws.vpc.SecurityGroupIngressRule(\"allowTlsIpv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=aws_vpc[\"main\"][\"cidr_block\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_tls_ipv6 = aws.vpc.SecurityGroupIngressRule(\"allowTlsIpv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=aws_vpc[\"main\"][\"ipv6_cidr_block\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_all_traffic_ipv4 = aws.vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=\"0.0.0.0/0\",\n ip_protocol=\"-1\")\n# semantically equivalent to all ports\nallow_all_traffic_ipv6 = aws.vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=\"::/0\",\n ip_protocol=\"-1\")\n# semantically equivalent to all ports\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var allowTls = new Aws.Ec2.SecurityGroup(\"allowTls\", new()\n {\n Description = \"Allow TLS inbound traffic and all outbound traffic\",\n VpcId = aws_vpc.Main.Id,\n Tags = \n {\n { \"Name\", \"allow_tls\" },\n },\n });\n\n var allowTlsIpv4 = new Aws.Vpc.SecurityGroupIngressRule(\"allowTlsIpv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = aws_vpc.Main.Cidr_block,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowTlsIpv6 = new Aws.Vpc.SecurityGroupIngressRule(\"allowTlsIpv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = aws_vpc.Main.Ipv6_cidr_block,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowAllTrafficIpv4 = new Aws.Vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = \"0.0.0.0/0\",\n IpProtocol = \"-1\",\n });\n\n // semantically equivalent to all ports\n var allowAllTrafficIpv6 = new Aws.Vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = \"::/0\",\n IpProtocol = \"-1\",\n });\n\n // semantically equivalent to all ports\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tallowTls, err := ec2.NewSecurityGroup(ctx, \"allowTls\", \u0026ec2.SecurityGroupArgs{\n\t\t\tDescription: pulumi.String(\"Allow TLS inbound traffic and all outbound traffic\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"allow_tls\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allowTlsIpv4\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.Any(aws_vpc.Main.Cidr_block),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allowTlsIpv6\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.Any(aws_vpc.Main.Ipv6_cidr_block),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allowAllTrafficIpv4\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allowAllTrafficIpv6\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.String(\"::/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRule;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRuleArgs;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRule;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var allowTls = new SecurityGroup(\"allowTls\", SecurityGroupArgs.builder() \n .description(\"Allow TLS inbound traffic and all outbound traffic\")\n .vpcId(aws_vpc.main().id())\n .tags(Map.of(\"Name\", \"allow_tls\"))\n .build());\n\n var allowTlsIpv4 = new SecurityGroupIngressRule(\"allowTlsIpv4\", SecurityGroupIngressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv4(aws_vpc.main().cidr_block())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowTlsIpv6 = new SecurityGroupIngressRule(\"allowTlsIpv6\", SecurityGroupIngressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv6(aws_vpc.main().ipv6_cidr_block())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowAllTrafficIpv4 = new SecurityGroupEgressRule(\"allowAllTrafficIpv4\", SecurityGroupEgressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv4(\"0.0.0.0/0\")\n .ipProtocol(\"-1\")\n .build());\n\n var allowAllTrafficIpv6 = new SecurityGroupEgressRule(\"allowAllTrafficIpv6\", SecurityGroupEgressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv6(\"::/0\")\n .ipProtocol(\"-1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowTls:\n type: aws:ec2:SecurityGroup\n properties:\n description: Allow TLS inbound traffic and all outbound traffic\n vpcId: ${aws_vpc.main.id}\n tags:\n Name: allow_tls\n allowTlsIpv4:\n type: aws:vpc:SecurityGroupIngressRule\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: ${aws_vpc.main.cidr_block}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowTlsIpv6:\n type: aws:vpc:SecurityGroupIngressRule\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ${aws_vpc.main.ipv6_cidr_block}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowAllTrafficIpv4:\n type: aws:vpc:SecurityGroupEgressRule\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: 0.0.0.0/0\n ipProtocol: '-1'\n allowAllTrafficIpv6:\n type: aws:vpc:SecurityGroupEgressRule\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ::/0\n ipProtocol: '-1'\n```\n\n\u003e **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a new Security Group inside of a VPC. When creating a new Security Group inside a VPC, **this provider will remove this default rule**, and require you specifically re-create it if you desire that rule. We feel this leads to fewer surprises in terms of controlling your egress rules. If you desire this rule to be in place, you can use this `egress` block:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n cidrBlocks: [\"0.0.0.0/0\"],\n fromPort: 0,\n ipv6CidrBlocks: [\"::/0\"],\n protocol: \"-1\",\n toPort: 0,\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", egress=[aws.ec2.SecurityGroupEgressArgs(\n cidr_blocks=[\"0.0.0.0/0\"],\n from_port=0,\n ipv6_cidr_blocks=[\"::/0\"],\n protocol=\"-1\",\n to_port=0,\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n CidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n FromPort = 0,\n Ipv6CidrBlocks = new[]\n {\n \"::/0\",\n },\n Protocol = \"-1\",\n ToPort = 0,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"::/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .egress(SecurityGroupEgressArgs.builder()\n .cidrBlocks(\"0.0.0.0/0\")\n .fromPort(0)\n .ipv6CidrBlocks(\"::/0\")\n .protocol(\"-1\")\n .toPort(0)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - cidrBlocks:\n - 0.0.0.0/0\n fromPort: 0\n ipv6CidrBlocks:\n - ::/0\n protocol: '-1'\n toPort: 0\n```\n{{% /example %}}\n{{% example %}}\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nPrefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"myEndpoint\", {});\n// ... other configuration ...\n// ... other configuration ...\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_endpoint = aws.ec2.VpcEndpoint(\"myEndpoint\")\n# ... other configuration ...\n# ... other configuration ...\nexample = aws.ec2.SecurityGroup(\"example\", egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n prefix_list_ids=[my_endpoint.prefix_list_id],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"myEndpoint\");\n\n // ... other configuration ...\n // ... other configuration ...\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = new[]\n {\n myEndpoint.PrefixListId,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"myEndpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myEndpoint = new VpcEndpoint(\"myEndpoint\");\n\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .prefixListIds(myEndpoint.prefixListId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n prefixListIds:\n - ${myEndpoint.prefixListId}\n myEndpoint:\n type: aws:ec2:VpcEndpoint\n```\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList` data source.\n{{% /example %}}\n{{% example %}}\n### Removing All Ingress and Egress Rules\n\nThe `ingress` and `egress` arguments are processed in attributes-as-blocks mode. Due to this, removing these arguments from the configuration will **not** cause the provider to destroy the managed rules. To subsequently remove all managed ingress and egress rules:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n vpcId: aws_vpc.example.id,\n ingress: [],\n egress: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\",\n vpc_id=aws_vpc[\"example\"][\"id\"],\n ingress=[],\n egress=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n VpcId = aws_vpc.Example.Id,\n Ingress = new[] {},\n Egress = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{},\n\t\t\tEgress: ec2.SecurityGroupEgressArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .vpcId(aws_vpc.example().id())\n .ingress()\n .egress()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n vpcId: ${aws_vpc.example.id}\n ingress: []\n egress: []\n```\n{{% /example %}}\n### Recreating a Security Group\n\nA simple security group `name` change \"forces new\" the security group--the provider destroys the security group and creates a new one. (Likewise, `description`, `name_prefix`, or `vpc_id` [cannot be changed](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#creating-security-group).) Attempting to recreate the security group leads to a variety of complications depending on how it is used.\n\nSecurity groups are generally associated with other resources--**more than 100** AWS Provider resources reference security groups. Referencing a resource from another resource creates a one-way dependency. For example, if you create an EC2 `aws.ec2.Instance` that has a `vpc_security_group_ids` argument that refers to an `aws.ec2.SecurityGroup` resource, the `aws.ec2.SecurityGroup` is a dependent of the `aws.ec2.Instance`. Because of this, the provider will create the security group first so that it can then be associated with the EC2 instance.\n\nHowever, the dependency relationship actually goes both directions causing the _Security Group Deletion Problem_. AWS does not allow you to delete the security group associated with another resource (_e.g._, the `aws.ec2.Instance`).\n\nThe provider does not model bi-directional dependencies like this, but, even if it did, simply knowing the dependency situation would not be enough to solve it. For example, some resources must always have an associated security group while others don't need to. In addition, when the `aws.ec2.SecurityGroup` resource attempts to recreate, it receives a dependent object error, which does not provide information on whether the dependent object is a security group rule or, for example, an associated EC2 instance. Within the provider, the associated resource (_e.g._, `aws.ec2.Instance`) does not receive an error when the `aws.ec2.SecurityGroup` is trying to recreate even though that is where changes to the associated resource would need to take place (_e.g._, removing the security group association).\n\nDespite these sticky problems, below are some ways to improve your experience when you find it necessary to recreate a security group.\n{{% example %}}\n### `create_before_destroy`\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nNormally, the provider first deletes the existing security group resource and then creates a new one. When a security group is associated with a resource, the delete won't succeed. You can invert the default behavior using the `create_before_destroy` meta argument:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\");\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n```\n{{% /example %}}\n{{% example %}}\n### `replace_triggered_by`\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nTo replace a resource when a security group changes, use the `replace_triggered_by` meta argument. Note that in this example, the `aws.ec2.Instance` will be destroyed and created again when the `aws.ec2.SecurityGroup` changes.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleSecurityGroup = new aws.ec2.SecurityGroup(\"exampleSecurityGroup\", {});\n// ... other configuration ...\nconst exampleInstance = new aws.ec2.Instance(\"exampleInstance\", {\n instanceType: \"t3.small\",\n vpcSecurityGroupIds: [aws_security_group.test.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_security_group = aws.ec2.SecurityGroup(\"exampleSecurityGroup\")\n# ... other configuration ...\nexample_instance = aws.ec2.Instance(\"exampleInstance\",\n instance_type=\"t3.small\",\n vpc_security_group_ids=[aws_security_group[\"test\"][\"id\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleSecurityGroup = new Aws.Ec2.SecurityGroup(\"exampleSecurityGroup\");\n\n // ... other configuration ...\n var exampleInstance = new Aws.Ec2.Instance(\"exampleInstance\", new()\n {\n InstanceType = \"t3.small\",\n VpcSecurityGroupIds = new[]\n {\n aws_security_group.Test.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"exampleSecurityGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"exampleInstance\", \u0026ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(\"t3.small\"),\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\taws_security_group.Test.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleSecurityGroup = new SecurityGroup(\"exampleSecurityGroup\");\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .instanceType(\"t3.small\")\n .vpcSecurityGroupIds(aws_security_group.test().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSecurityGroup:\n type: aws:ec2:SecurityGroup\n exampleInstance:\n type: aws:ec2:Instance\n properties:\n instanceType: t3.small # ... other configuration ...\n vpcSecurityGroupIds:\n - ${aws_security_group.test.id}\n```\n{{% /example %}}\n{{% example %}}\n### Shorter timeout\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nIf destroying a security group takes a long time, it may be because the provider cannot distinguish between a dependent object (_e.g._, a security group rule or EC2 instance) that is _in the process of being deleted_ and one that is not. In other words, it may be waiting for a train that isn't scheduled to arrive. To fail faster, shorten the `delete` timeout from the default timeout:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\");\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Security Groups using the security group `id`. For example:\n\n```sh\n $ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8\n```\n ", + "description": "Provides a security group resource.\n\n\u003e **NOTE on Security Groups and Security Group Rules:** This provider currently provides a Security Group resource with `ingress` and `egress` rules defined in-line and a Security Group Rule resource which manages one or more `ingress` or `egress` rules. Both of these resource were added before AWS assigned a [security group rule unique ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html), and they do not work well in all scenarios using the`description` and `tags` attributes, which rely on the unique ID. The `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources have been added to address these limitations and should be used for all new security group rules. You should not use the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources in conjunction with an `aws.ec2.SecurityGroup` resource with in-line rules or with `aws.ec2.SecurityGroupRule` resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.\n\n\u003e **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n\u003e **NOTE:** The `cidr_blocks` and `ipv6_cidr_blocks` parameters are optional in the `ingress` and `egress` blocks. If nothing is specified, traffic will be blocked as described in _NOTE on Egress rules_ later.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst allowTls = new aws.ec2.SecurityGroup(\"allowTls\", {\n description: \"Allow TLS inbound traffic and all outbound traffic\",\n vpcId: aws_vpc.main.id,\n tags: {\n Name: \"allow_tls\",\n },\n});\nconst allowTlsIpv4 = new aws.vpc.SecurityGroupIngressRule(\"allowTlsIpv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: aws_vpc.main.cidr_block,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowTlsIpv6 = new aws.vpc.SecurityGroupIngressRule(\"allowTlsIpv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: aws_vpc.main.ipv6_cidr_block,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowAllTrafficIpv4 = new aws.vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: \"0.0.0.0/0\",\n ipProtocol: \"-1\",\n});\n// semantically equivalent to all ports\nconst allowAllTrafficIpv6 = new aws.vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: \"::/0\",\n ipProtocol: \"-1\",\n});\n// semantically equivalent to all ports\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nallow_tls = aws.ec2.SecurityGroup(\"allowTls\",\n description=\"Allow TLS inbound traffic and all outbound traffic\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n tags={\n \"Name\": \"allow_tls\",\n })\nallow_tls_ipv4 = aws.vpc.SecurityGroupIngressRule(\"allowTlsIpv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=aws_vpc[\"main\"][\"cidr_block\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_tls_ipv6 = aws.vpc.SecurityGroupIngressRule(\"allowTlsIpv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=aws_vpc[\"main\"][\"ipv6_cidr_block\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_all_traffic_ipv4 = aws.vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=\"0.0.0.0/0\",\n ip_protocol=\"-1\")\n# semantically equivalent to all ports\nallow_all_traffic_ipv6 = aws.vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=\"::/0\",\n ip_protocol=\"-1\")\n# semantically equivalent to all ports\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var allowTls = new Aws.Ec2.SecurityGroup(\"allowTls\", new()\n {\n Description = \"Allow TLS inbound traffic and all outbound traffic\",\n VpcId = aws_vpc.Main.Id,\n Tags = \n {\n { \"Name\", \"allow_tls\" },\n },\n });\n\n var allowTlsIpv4 = new Aws.Vpc.SecurityGroupIngressRule(\"allowTlsIpv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = aws_vpc.Main.Cidr_block,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowTlsIpv6 = new Aws.Vpc.SecurityGroupIngressRule(\"allowTlsIpv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = aws_vpc.Main.Ipv6_cidr_block,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowAllTrafficIpv4 = new Aws.Vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = \"0.0.0.0/0\",\n IpProtocol = \"-1\",\n });\n\n // semantically equivalent to all ports\n var allowAllTrafficIpv6 = new Aws.Vpc.SecurityGroupEgressRule(\"allowAllTrafficIpv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = \"::/0\",\n IpProtocol = \"-1\",\n });\n\n // semantically equivalent to all ports\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tallowTls, err := ec2.NewSecurityGroup(ctx, \"allowTls\", \u0026ec2.SecurityGroupArgs{\n\t\t\tDescription: pulumi.String(\"Allow TLS inbound traffic and all outbound traffic\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"allow_tls\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allowTlsIpv4\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.Any(aws_vpc.Main.Cidr_block),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allowTlsIpv6\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.Any(aws_vpc.Main.Ipv6_cidr_block),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allowAllTrafficIpv4\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allowAllTrafficIpv6\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.String(\"::/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRule;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRuleArgs;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRule;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var allowTls = new SecurityGroup(\"allowTls\", SecurityGroupArgs.builder() \n .description(\"Allow TLS inbound traffic and all outbound traffic\")\n .vpcId(aws_vpc.main().id())\n .tags(Map.of(\"Name\", \"allow_tls\"))\n .build());\n\n var allowTlsIpv4 = new SecurityGroupIngressRule(\"allowTlsIpv4\", SecurityGroupIngressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv4(aws_vpc.main().cidr_block())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowTlsIpv6 = new SecurityGroupIngressRule(\"allowTlsIpv6\", SecurityGroupIngressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv6(aws_vpc.main().ipv6_cidr_block())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowAllTrafficIpv4 = new SecurityGroupEgressRule(\"allowAllTrafficIpv4\", SecurityGroupEgressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv4(\"0.0.0.0/0\")\n .ipProtocol(\"-1\")\n .build());\n\n var allowAllTrafficIpv6 = new SecurityGroupEgressRule(\"allowAllTrafficIpv6\", SecurityGroupEgressRuleArgs.builder() \n .securityGroupId(allowTls.id())\n .cidrIpv6(\"::/0\")\n .ipProtocol(\"-1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowTls:\n type: aws:ec2:SecurityGroup\n properties:\n description: Allow TLS inbound traffic and all outbound traffic\n vpcId: ${aws_vpc.main.id}\n tags:\n Name: allow_tls\n allowTlsIpv4:\n type: aws:vpc:SecurityGroupIngressRule\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: ${aws_vpc.main.cidr_block}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowTlsIpv6:\n type: aws:vpc:SecurityGroupIngressRule\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ${aws_vpc.main.ipv6_cidr_block}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowAllTrafficIpv4:\n type: aws:vpc:SecurityGroupEgressRule\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: 0.0.0.0/0\n ipProtocol: '-1'\n allowAllTrafficIpv6:\n type: aws:vpc:SecurityGroupEgressRule\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ::/0\n ipProtocol: '-1'\n```\n\n\u003e **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a new Security Group inside of a VPC. When creating a new Security Group inside a VPC, **this provider will remove this default rule**, and require you specifically re-create it if you desire that rule. We feel this leads to fewer surprises in terms of controlling your egress rules. If you desire this rule to be in place, you can use this `egress` block:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n cidrBlocks: [\"0.0.0.0/0\"],\n fromPort: 0,\n ipv6CidrBlocks: [\"::/0\"],\n protocol: \"-1\",\n toPort: 0,\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", egress=[aws.ec2.SecurityGroupEgressArgs(\n cidr_blocks=[\"0.0.0.0/0\"],\n from_port=0,\n ipv6_cidr_blocks=[\"::/0\"],\n protocol=\"-1\",\n to_port=0,\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n CidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n FromPort = 0,\n Ipv6CidrBlocks = new[]\n {\n \"::/0\",\n },\n Protocol = \"-1\",\n ToPort = 0,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"::/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .egress(SecurityGroupEgressArgs.builder()\n .cidrBlocks(\"0.0.0.0/0\")\n .fromPort(0)\n .ipv6CidrBlocks(\"::/0\")\n .protocol(\"-1\")\n .toPort(0)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - cidrBlocks:\n - 0.0.0.0/0\n fromPort: 0\n ipv6CidrBlocks:\n - ::/0\n protocol: '-1'\n toPort: 0\n```\n{{% /example %}}\n{{% example %}}\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nPrefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"myEndpoint\", {});\n// ... other configuration ...\n// ... other configuration ...\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_endpoint = aws.ec2.VpcEndpoint(\"myEndpoint\")\n# ... other configuration ...\n# ... other configuration ...\nexample = aws.ec2.SecurityGroup(\"example\", egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n prefix_list_ids=[my_endpoint.prefix_list_id],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"myEndpoint\");\n\n // ... other configuration ...\n // ... other configuration ...\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = new[]\n {\n myEndpoint.PrefixListId,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"myEndpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ... other configuration ...\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myEndpoint = new VpcEndpoint(\"myEndpoint\");\n\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .prefixListIds(myEndpoint.prefixListId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n prefixListIds:\n - ${myEndpoint.prefixListId}\n myEndpoint:\n type: aws:ec2:VpcEndpoint\n```\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList` data source.\n{{% /example %}}\n{{% example %}}\n### Removing All Ingress and Egress Rules\n\nThe `ingress` and `egress` arguments are processed in attributes-as-blocks mode. Due to this, removing these arguments from the configuration will **not** cause the provider to destroy the managed rules. To subsequently remove all managed ingress and egress rules:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n vpcId: aws_vpc.example.id,\n ingress: [],\n egress: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\",\n vpc_id=aws_vpc[\"example\"][\"id\"],\n ingress=[],\n egress=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n VpcId = aws_vpc.Example.Id,\n Ingress = new[] {},\n Egress = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{},\n\t\t\tEgress: ec2.SecurityGroupEgressArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder() \n .vpcId(aws_vpc.example().id())\n .ingress()\n .egress()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n vpcId: ${aws_vpc.example.id}\n ingress: []\n egress: []\n```\n{{% /example %}}\n### Recreating a Security Group\n\nA simple security group `name` change \"forces new\" the security group--the provider destroys the security group and creates a new one. (Likewise, `description`, `name_prefix`, or `vpc_id` [cannot be changed](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#creating-security-group).) Attempting to recreate the security group leads to a variety of complications depending on how it is used.\n\nSecurity groups are generally associated with other resources--**more than 100** AWS Provider resources reference security groups. Referencing a resource from another resource creates a one-way dependency. For example, if you create an EC2 `aws.ec2.Instance` that has a `vpc_security_group_ids` argument that refers to an `aws.ec2.SecurityGroup` resource, the `aws.ec2.SecurityGroup` is a dependent of the `aws.ec2.Instance`. Because of this, the provider will create the security group first so that it can then be associated with the EC2 instance.\n\nHowever, the dependency relationship actually goes both directions causing the _Security Group Deletion Problem_. AWS does not allow you to delete the security group associated with another resource (_e.g._, the `aws.ec2.Instance`).\n\nThe provider does not model bi-directional dependencies like this, but, even if it did, simply knowing the dependency situation would not be enough to solve it. For example, some resources must always have an associated security group while others don't need to. In addition, when the `aws.ec2.SecurityGroup` resource attempts to recreate, it receives a dependent object error, which does not provide information on whether the dependent object is a security group rule or, for example, an associated EC2 instance. Within the provider, the associated resource (_e.g._, `aws.ec2.Instance`) does not receive an error when the `aws.ec2.SecurityGroup` is trying to recreate even though that is where changes to the associated resource would need to take place (_e.g._, removing the security group association).\n\nDespite these sticky problems, below are some ways to improve your experience when you find it necessary to recreate a security group.\n{{% example %}}\n### `create_before_destroy`\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nNormally, the provider first deletes the existing security group resource and then creates a new one. When a security group is associated with a resource, the delete won't succeed. You can invert the default behavior using the `create_before_destroy` meta argument:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\");\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n```\n{{% /example %}}\n{{% example %}}\n### `replace_triggered_by`\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nTo replace a resource when a security group changes, use the `replace_triggered_by` meta argument. Note that in this example, the `aws.ec2.Instance` will be destroyed and created again when the `aws.ec2.SecurityGroup` changes.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleSecurityGroup = new aws.ec2.SecurityGroup(\"exampleSecurityGroup\", {});\n// ... other configuration ...\nconst exampleInstance = new aws.ec2.Instance(\"exampleInstance\", {\n instanceType: \"t3.small\",\n vpcSecurityGroupIds: [aws_security_group.test.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_security_group = aws.ec2.SecurityGroup(\"exampleSecurityGroup\")\n# ... other configuration ...\nexample_instance = aws.ec2.Instance(\"exampleInstance\",\n instance_type=\"t3.small\",\n vpc_security_group_ids=[aws_security_group[\"test\"][\"id\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleSecurityGroup = new Aws.Ec2.SecurityGroup(\"exampleSecurityGroup\");\n\n // ... other configuration ...\n var exampleInstance = new Aws.Ec2.Instance(\"exampleInstance\", new()\n {\n InstanceType = \"t3.small\",\n VpcSecurityGroupIds = new[]\n {\n aws_security_group.Test.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"exampleSecurityGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"exampleInstance\", \u0026ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(\"t3.small\"),\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\taws_security_group.Test.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleSecurityGroup = new SecurityGroup(\"exampleSecurityGroup\");\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .instanceType(\"t3.small\")\n .vpcSecurityGroupIds(aws_security_group.test().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSecurityGroup:\n type: aws:ec2:SecurityGroup\n exampleInstance:\n type: aws:ec2:Instance\n properties:\n instanceType: t3.small # ... other configuration ...\n vpcSecurityGroupIds:\n - ${aws_security_group.test.id}\n```\n{{% /example %}}\n{{% example %}}\n### Shorter timeout\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nIf destroying a security group takes a long time, it may be because the provider cannot distinguish between a dependent object (_e.g._, a security group rule or EC2 instance) that is _in the process of being deleted_ and one that is not. In other words, it may be waiting for a train that isn't scheduled to arrive. To fail faster, shorten the `delete` timeout from the default timeout:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\");\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Security Groups using the security group `id`. For example:\n\n```sh\n $ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8\n```\n ", "properties": { "arn": { "type": "string", @@ -214790,7 +214790,7 @@ } }, "aws:ec2/securityGroupRule:SecurityGroupRule": { - "description": "Provides a security group rule resource. Represents a single `ingress` or\n`egress` group rule, which can be added to external Security Groups.\n\n\u003e **NOTE on Security Groups and Security Group Rules:** This provider currently provides a Security Group resource with `ingress` and `egress` rules defined in-line and a Security Group Rule resource which manages one or more `ingress` or\n`egress` rules. Both of these resource were added before AWS assigned a [security group rule unique ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html), and they do not work well in all scenarios using the`description` and `tags` attributes, which rely on the unique ID.\nThe `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources have been added to address these limitations and should be used for all new security group rules.\nYou should not use the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources in conjunction with an `aws.ec2.SecurityGroup` resource with in-line rules or with `aws.ec2.SecurityGroupRule` resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.\n\n\u003e **NOTE:** Setting `protocol = \"all\"` or `protocol = -1` with `from_port` and `to_port` will result in the EC2 API creating a security group rule with all ports open. This API behavior cannot be controlled by this provider and may generate warnings in the future.\n\n\u003e **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroupRule(\"example\", {\n type: \"ingress\",\n fromPort: 0,\n toPort: 65535,\n protocol: \"tcp\",\n cidrBlocks: [aws_vpc.example.cidr_block],\n ipv6CidrBlocks: [aws_vpc.example.ipv6_cidr_block],\n securityGroupId: \"sg-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroupRule(\"example\",\n type=\"ingress\",\n from_port=0,\n to_port=65535,\n protocol=\"tcp\",\n cidr_blocks=[aws_vpc[\"example\"][\"cidr_block\"]],\n ipv6_cidr_blocks=[aws_vpc[\"example\"][\"ipv6_cidr_block\"]],\n security_group_id=\"sg-123456\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroupRule(\"example\", new()\n {\n Type = \"ingress\",\n FromPort = 0,\n ToPort = 65535,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n aws_vpc.Example.Cidr_block,\n },\n Ipv6CidrBlocks = new[]\n {\n aws_vpc.Example.Ipv6_cidr_block,\n },\n SecurityGroupId = \"sg-123456\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroupRule(ctx, \"example\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tType: pulumi.String(\"ingress\"),\n\t\t\tFromPort: pulumi.Int(0),\n\t\t\tToPort: pulumi.Int(65535),\n\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\taws_vpc.Example.Cidr_block,\n\t\t\t},\n\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\taws_vpc.Example.Ipv6_cidr_block,\n\t\t\t},\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroupRule(\"example\", SecurityGroupRuleArgs.builder() \n .type(\"ingress\")\n .fromPort(0)\n .toPort(65535)\n .protocol(\"tcp\")\n .cidrBlocks(aws_vpc.example().cidr_block())\n .ipv6CidrBlocks(aws_vpc.example().ipv6_cidr_block())\n .securityGroupId(\"sg-123456\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroupRule\n properties:\n type: ingress\n fromPort: 0\n toPort: 65535\n protocol: tcp\n cidrBlocks:\n - ${aws_vpc.example.cidr_block}\n ipv6CidrBlocks:\n - ${aws_vpc.example.ipv6_cidr_block}\n securityGroupId: sg-123456\n```\n{{% /example %}}\n{{% example %}}\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nManaged Prefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\n\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"myEndpoint\", {});\n// ...\nconst allowAll = new aws.ec2.SecurityGroupRule(\"allowAll\", {\n type: \"egress\",\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n fromPort: 0,\n securityGroupId: \"sg-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nmy_endpoint = aws.ec2.VpcEndpoint(\"myEndpoint\")\n# ...\nallow_all = aws.ec2.SecurityGroupRule(\"allowAll\",\n type=\"egress\",\n to_port=0,\n protocol=\"-1\",\n prefix_list_ids=[my_endpoint.prefix_list_id],\n from_port=0,\n security_group_id=\"sg-123456\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"myEndpoint\");\n\n // ...\n var allowAll = new Aws.Ec2.SecurityGroupRule(\"allowAll\", new()\n {\n Type = \"egress\",\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = new[]\n {\n myEndpoint.PrefixListId,\n },\n FromPort = 0,\n SecurityGroupId = \"sg-123456\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"myEndpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroupRule(ctx, \"allowAll\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tType: pulumi.String(\"egress\"),\n\t\t\tToPort: pulumi.Int(0),\n\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t},\n\t\t\tFromPort: pulumi.Int(0),\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myEndpoint = new VpcEndpoint(\"myEndpoint\");\n\n var allowAll = new SecurityGroupRule(\"allowAll\", SecurityGroupRuleArgs.builder() \n .type(\"egress\")\n .toPort(0)\n .protocol(\"-1\")\n .prefixListIds(myEndpoint.prefixListId())\n .fromPort(0)\n .securityGroupId(\"sg-123456\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowAll:\n type: aws:ec2:SecurityGroupRule\n properties:\n type: egress\n toPort: 0\n protocol: '-1'\n prefixListIds:\n - ${myEndpoint.prefixListId}\n fromPort: 0\n securityGroupId: sg-123456\n # ...\n myEndpoint:\n type: aws:ec2:VpcEndpoint\n```\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList`\nor `ec2_managed_prefix_list` data sources:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst s3 = current.then(current =\u003e aws.ec2.getPrefixList({\n name: `com.amazonaws.${current.name}.s3`,\n}));\nconst s3GatewayEgress = new aws.ec2.SecurityGroupRule(\"s3GatewayEgress\", {\n description: \"S3 Gateway Egress\",\n type: \"egress\",\n securityGroupId: \"sg-123456\",\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n prefixListIds: [s3.then(s3 =\u003e s3.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\ns3 = aws.ec2.get_prefix_list(name=f\"com.amazonaws.{current.name}.s3\")\ns3_gateway_egress = aws.ec2.SecurityGroupRule(\"s3GatewayEgress\",\n description=\"S3 Gateway Egress\",\n type=\"egress\",\n security_group_id=\"sg-123456\",\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n prefix_list_ids=[s3.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var s3 = Aws.Ec2.GetPrefixList.Invoke(new()\n {\n Name = $\"com.amazonaws.{current.Apply(getRegionResult =\u003e getRegionResult.Name)}.s3\",\n });\n\n var s3GatewayEgress = new Aws.Ec2.SecurityGroupRule(\"s3GatewayEgress\", new()\n {\n Description = \"S3 Gateway Egress\",\n Type = \"egress\",\n SecurityGroupId = \"sg-123456\",\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n PrefixListIds = new[]\n {\n s3.Apply(getPrefixListResult =\u003e getPrefixListResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3, err := ec2.GetPrefixList(ctx, \u0026ec2.GetPrefixListArgs{\n\t\t\tName: pulumi.StringRef(fmt.Sprintf(\"com.amazonaws.%v.s3\", current.Name)),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroupRule(ctx, \"s3GatewayEgress\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tDescription: pulumi.String(\"S3 Gateway Egress\"),\n\t\t\tType: pulumi.String(\"egress\"),\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tToPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\t*pulumi.String(s3.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetPrefixListArgs;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n final var s3 = Ec2Functions.getPrefixList(GetPrefixListArgs.builder()\n .name(String.format(\"com.amazonaws.%s.s3\", current.applyValue(getRegionResult -\u003e getRegionResult.name())))\n .build());\n\n var s3GatewayEgress = new SecurityGroupRule(\"s3GatewayEgress\", SecurityGroupRuleArgs.builder() \n .description(\"S3 Gateway Egress\")\n .type(\"egress\")\n .securityGroupId(\"sg-123456\")\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .prefixListIds(s3.applyValue(getPrefixListResult -\u003e getPrefixListResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n s3GatewayEgress:\n type: aws:ec2:SecurityGroupRule\n properties:\n # S3 Gateway interfaces are implemented at the routing level which means we\n # # can avoid the metered billing of a VPC endpoint interface by allowing\n # # outbound traffic to the public IP ranges, which will be routed through\n # # the Gateway interface:\n # # https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html\n description: S3 Gateway Egress\n type: egress\n securityGroupId: sg-123456\n fromPort: 443\n toPort: 443\n protocol: tcp\n prefixListIds:\n - ${s3.id}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n s3:\n fn::invoke:\n Function: aws:ec2:getPrefixList\n Arguments:\n name: com.amazonaws.${current.name}.s3\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nImport a rule with various IPv4 and IPv6 source CIDR blocks:\n\nImport a rule, applicable to all ports, with a protocol other than TCP/UDP/ICMP/ICMPV6/ALL, e.g., Multicast Transport Protocol (MTP), using the IANA protocol number. For example: 92.\n\nImport a default any/any egress rule to 0.0.0.0/0:\n\nImport an egress rule with a prefix list ID destination:\n\nImport a rule applicable to all protocols and ports with a security group source:\n\nImport a rule that has itself and an IPv6 CIDR block as sources:\n\n__Using `pulumi import` to import__ Security Group Rules using the `security_group_id`, `type`, `protocol`, `from_port`, `to_port`, and source(s)/destination(s) (such as a `cidr_block`) separated by underscores (`_`). All parts are required. For example:\n\n__NOTE:__ Not all rule permissions (e.g., not all of a rule's CIDR blocks) need to be imported for this provider to manage rule permissions. However, importing some of a rule's permissions but not others, and then making changes to the rule will result in the creation of an additional rule to capture the updated permissions. Rule permissions that were not imported are left intact in the original rule.\n\nImport an ingress rule in security group `sg-6e616f6d69` for TCP port 8000 with an IPv4 destination CIDR of `10.0.3.0/24`:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-6e616f6d69_ingress_tcp_8000_8000_10.0.3.0/24\n```\n Import a rule with various IPv4 and IPv6 source CIDR blocks:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-4973616163_ingress_tcp_100_121_10.1.0.0/16_2001:db8::/48_10.2.0.0/16_2002:db8::/48\n```\n Import a rule, applicable to all ports, with a protocol other than TCP/UDP/ICMP/ICMPV6/ALL, e.g., Multicast Transport Protocol (MTP), using the IANA protocol number. For example: 92.\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-6777656e646f6c796e_ingress_92_0_65536_10.0.3.0/24_10.0.4.0/24\n```\n Import a default any/any egress rule to 0.0.0.0/0:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule default_egress sg-6777656e646f6c796e_egress_all_0_0_0.0.0.0/0\n```\n Import an egress rule with a prefix list ID destination:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule egress sg-62726f6479_egress_tcp_8000_8000_pl-6469726b\n```\n Import a rule applicable to all protocols and ports with a security group source:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress_rule sg-7472697374616e_ingress_all_0_65536_sg-6176657279\n```\n Import a rule that has itself and an IPv6 CIDR block as sources:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule rule_name sg-656c65616e6f72_ingress_tcp_80_80_self_2001:db8::/48\n```\n ", + "description": "Provides a security group rule resource. Represents a single `ingress` or\n`egress` group rule, which can be added to external Security Groups.\n\n\u003e **NOTE on Security Groups and Security Group Rules:** This provider currently provides a Security Group resource with `ingress` and `egress` rules defined in-line and a Security Group Rule resource which manages one or more `ingress` or\n`egress` rules. Both of these resource were added before AWS assigned a [security group rule unique ID](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules.html), and they do not work well in all scenarios using the`description` and `tags` attributes, which rely on the unique ID.\nThe `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources have been added to address these limitations and should be used for all new security group rules.\nYou should not use the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources in conjunction with an `aws.ec2.SecurityGroup` resource with in-line rules or with `aws.ec2.SecurityGroupRule` resources defined for the same Security Group, as rule conflicts may occur and rules will be overwritten.\n\n\u003e **NOTE:** Setting `protocol = \"all\"` or `protocol = -1` with `from_port` and `to_port` will result in the EC2 API creating a security group rule with all ports open. This API behavior cannot be controlled by this provider and may generate warnings in the future.\n\n\u003e **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroupRule(\"example\", {\n type: \"ingress\",\n fromPort: 0,\n toPort: 65535,\n protocol: \"tcp\",\n cidrBlocks: [aws_vpc.example.cidr_block],\n ipv6CidrBlocks: [aws_vpc.example.ipv6_cidr_block],\n securityGroupId: \"sg-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroupRule(\"example\",\n type=\"ingress\",\n from_port=0,\n to_port=65535,\n protocol=\"tcp\",\n cidr_blocks=[aws_vpc[\"example\"][\"cidr_block\"]],\n ipv6_cidr_blocks=[aws_vpc[\"example\"][\"ipv6_cidr_block\"]],\n security_group_id=\"sg-123456\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroupRule(\"example\", new()\n {\n Type = \"ingress\",\n FromPort = 0,\n ToPort = 65535,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n aws_vpc.Example.Cidr_block,\n },\n Ipv6CidrBlocks = new[]\n {\n aws_vpc.Example.Ipv6_cidr_block,\n },\n SecurityGroupId = \"sg-123456\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroupRule(ctx, \"example\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tType: pulumi.String(\"ingress\"),\n\t\t\tFromPort: pulumi.Int(0),\n\t\t\tToPort: pulumi.Int(65535),\n\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\taws_vpc.Example.Cidr_block,\n\t\t\t},\n\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\taws_vpc.Example.Ipv6_cidr_block,\n\t\t\t},\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroupRule(\"example\", SecurityGroupRuleArgs.builder() \n .type(\"ingress\")\n .fromPort(0)\n .toPort(65535)\n .protocol(\"tcp\")\n .cidrBlocks(aws_vpc.example().cidr_block())\n .ipv6CidrBlocks(aws_vpc.example().ipv6_cidr_block())\n .securityGroupId(\"sg-123456\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroupRule\n properties:\n type: ingress\n fromPort: 0\n toPort: 65535\n protocol: tcp\n cidrBlocks:\n - ${aws_vpc.example.cidr_block}\n ipv6CidrBlocks:\n - ${aws_vpc.example.ipv6_cidr_block}\n securityGroupId: sg-123456\n```\n{{% /example %}}\n{{% example %}}\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nManaged Prefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\n\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"myEndpoint\", {});\n// ...\nconst allowAll = new aws.ec2.SecurityGroupRule(\"allowAll\", {\n type: \"egress\",\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n fromPort: 0,\n securityGroupId: \"sg-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nmy_endpoint = aws.ec2.VpcEndpoint(\"myEndpoint\")\n# ...\nallow_all = aws.ec2.SecurityGroupRule(\"allowAll\",\n type=\"egress\",\n to_port=0,\n protocol=\"-1\",\n prefix_list_ids=[my_endpoint.prefix_list_id],\n from_port=0,\n security_group_id=\"sg-123456\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"myEndpoint\");\n\n // ...\n var allowAll = new Aws.Ec2.SecurityGroupRule(\"allowAll\", new()\n {\n Type = \"egress\",\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = new[]\n {\n myEndpoint.PrefixListId,\n },\n FromPort = 0,\n SecurityGroupId = \"sg-123456\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ...\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"myEndpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroupRule(ctx, \"allowAll\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tType: pulumi.String(\"egress\"),\n\t\t\tToPort: pulumi.Int(0),\n\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t},\n\t\t\tFromPort: pulumi.Int(0),\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myEndpoint = new VpcEndpoint(\"myEndpoint\");\n\n var allowAll = new SecurityGroupRule(\"allowAll\", SecurityGroupRuleArgs.builder() \n .type(\"egress\")\n .toPort(0)\n .protocol(\"-1\")\n .prefixListIds(myEndpoint.prefixListId())\n .fromPort(0)\n .securityGroupId(\"sg-123456\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowAll:\n type: aws:ec2:SecurityGroupRule\n properties:\n type: egress\n toPort: 0\n protocol: '-1'\n prefixListIds:\n - ${myEndpoint.prefixListId}\n fromPort: 0\n securityGroupId: sg-123456\n # ...\n myEndpoint:\n type: aws:ec2:VpcEndpoint\n```\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList`\nor `ec2_managed_prefix_list` data sources:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getRegion({});\nconst s3 = current.then(current =\u003e aws.ec2.getPrefixList({\n name: `com.amazonaws.${current.name}.s3`,\n}));\nconst s3GatewayEgress = new aws.ec2.SecurityGroupRule(\"s3GatewayEgress\", {\n description: \"S3 Gateway Egress\",\n type: \"egress\",\n securityGroupId: \"sg-123456\",\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n prefixListIds: [s3.then(s3 =\u003e s3.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\ns3 = aws.ec2.get_prefix_list(name=f\"com.amazonaws.{current.name}.s3\")\ns3_gateway_egress = aws.ec2.SecurityGroupRule(\"s3GatewayEgress\",\n description=\"S3 Gateway Egress\",\n type=\"egress\",\n security_group_id=\"sg-123456\",\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n prefix_list_ids=[s3.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetRegion.Invoke();\n\n var s3 = Aws.Ec2.GetPrefixList.Invoke(new()\n {\n Name = $\"com.amazonaws.{current.Apply(getRegionResult =\u003e getRegionResult.Name)}.s3\",\n });\n\n var s3GatewayEgress = new Aws.Ec2.SecurityGroupRule(\"s3GatewayEgress\", new()\n {\n Description = \"S3 Gateway Egress\",\n Type = \"egress\",\n SecurityGroupId = \"sg-123456\",\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n PrefixListIds = new[]\n {\n s3.Apply(getPrefixListResult =\u003e getPrefixListResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3, err := ec2.GetPrefixList(ctx, \u0026ec2.GetPrefixListArgs{\n\t\t\tName: pulumi.StringRef(fmt.Sprintf(\"com.amazonaws.%v.s3\", current.Name)),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroupRule(ctx, \"s3GatewayEgress\", \u0026ec2.SecurityGroupRuleArgs{\n\t\t\tDescription: pulumi.String(\"S3 Gateway Egress\"),\n\t\t\tType: pulumi.String(\"egress\"),\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tToPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\t*pulumi.String(s3.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetPrefixListArgs;\nimport com.pulumi.aws.ec2.SecurityGroupRule;\nimport com.pulumi.aws.ec2.SecurityGroupRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getRegion();\n\n final var s3 = Ec2Functions.getPrefixList(GetPrefixListArgs.builder()\n .name(String.format(\"com.amazonaws.%s.s3\", current.applyValue(getRegionResult -\u003e getRegionResult.name())))\n .build());\n\n var s3GatewayEgress = new SecurityGroupRule(\"s3GatewayEgress\", SecurityGroupRuleArgs.builder() \n .description(\"S3 Gateway Egress\")\n .type(\"egress\")\n .securityGroupId(\"sg-123456\")\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .prefixListIds(s3.applyValue(getPrefixListResult -\u003e getPrefixListResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n s3GatewayEgress:\n type: aws:ec2:SecurityGroupRule\n properties:\n # S3 Gateway interfaces are implemented at the routing level which means we\n # # can avoid the metered billing of a VPC endpoint interface by allowing\n # # outbound traffic to the public IP ranges, which will be routed through\n # # the Gateway interface:\n # # https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html\n description: S3 Gateway Egress\n type: egress\n securityGroupId: sg-123456\n fromPort: 443\n toPort: 443\n protocol: tcp\n prefixListIds:\n - ${s3.id}\nvariables:\n current:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n s3:\n fn::invoke:\n Function: aws:ec2:getPrefixList\n Arguments:\n name: com.amazonaws.${current.name}.s3\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nImport a rule with various IPv4 and IPv6 source CIDR blocks:\n\nImport a rule, applicable to all ports, with a protocol other than TCP/UDP/ICMP/ICMPV6/ALL, e.g., Multicast Transport Protocol (MTP), using the IANA protocol number. For example: 92.\n\nImport a default any/any egress rule to 0.0.0.0/0:\n\nImport an egress rule with a prefix list ID destination:\n\nImport a rule applicable to all protocols and ports with a security group source:\n\nImport a rule that has itself and an IPv6 CIDR block as sources:\n\n__Using `pulumi import` to import__ Security Group Rules using the `security_group_id`, `type`, `protocol`, `from_port`, `to_port`, and source(s)/destination(s) (such as a `cidr_block`) separated by underscores (`_`). All parts are required. For example:\n\n__NOTE:__ Not all rule permissions (e.g., not all of a rule's CIDR blocks) need to be imported for this provider to manage rule permissions. However, importing some of a rule's permissions but not others, and then making changes to the rule will result in the creation of an additional rule to capture the updated permissions. Rule permissions that were not imported are left intact in the original rule.\n\nImport an ingress rule in security group `sg-6e616f6d69` for TCP port 8000 with an IPv4 destination CIDR of `10.0.3.0/24`:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-6e616f6d69_ingress_tcp_8000_8000_10.0.3.0/24\n```\n Import a rule with various IPv4 and IPv6 source CIDR blocks:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-4973616163_ingress_tcp_100_121_10.1.0.0/16_2001:db8::/48_10.2.0.0/16_2002:db8::/48\n```\n Import a rule, applicable to all ports, with a protocol other than TCP/UDP/ICMP/ICMPV6/ALL, e.g., Multicast Transport Protocol (MTP), using the IANA protocol number. For example: 92.\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-6777656e646f6c796e_ingress_92_0_65536_10.0.3.0/24_10.0.4.0/24\n```\n Import a default any/any egress rule to 0.0.0.0/0:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule default_egress sg-6777656e646f6c796e_egress_all_0_0_0.0.0.0/0\n```\n Import an egress rule with a prefix list ID destination:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule egress sg-62726f6479_egress_tcp_8000_8000_pl-6469726b\n```\n Import a rule applicable to all protocols and ports with a security group source:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress_rule sg-7472697374616e_ingress_all_0_65536_sg-6176657279\n```\n Import a rule that has itself and an IPv6 CIDR block as sources:\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule rule_name sg-656c65616e6f72_ingress_tcp_80_80_self_2001:db8::/48\n```\n ", "properties": { "cidrBlocks": { "type": "array", @@ -215145,7 +215145,7 @@ } }, "aws:ec2/spotFleetRequest:SpotFleetRequest": { - "description": "Provides an EC2 Spot Fleet Request resource. This allows a fleet of Spot\ninstances to be requested on the Spot market.\n\n\u003e **NOTE [AWS strongly discourages](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) the use of the legacy APIs called by this resource.\nWe recommend using the EC2 Fleet or Auto Scaling Group resources instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using launch specifications\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Request a Spot fleet\nconst cheapCompute = new aws.ec2.SpotFleetRequest(\"cheapCompute\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.03\",\n allocationStrategy: \"diversified\",\n targetCapacity: 6,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchSpecifications: [\n {\n instanceType: \"m4.10xlarge\",\n ami: \"ami-1234\",\n spotPrice: \"2.793\",\n placementTenancy: \"dedicated\",\n iamInstanceProfileArn: aws_iam_instance_profile.example.arn,\n },\n {\n instanceType: \"m4.4xlarge\",\n ami: \"ami-5678\",\n keyName: \"my-key\",\n spotPrice: \"1.117\",\n iamInstanceProfileArn: aws_iam_instance_profile.example.arn,\n availabilityZone: \"us-west-1a\",\n subnetId: \"subnet-1234\",\n weightedCapacity: \"35\",\n rootBlockDevices: [{\n volumeSize: 300,\n volumeType: \"gp2\",\n }],\n tags: {\n Name: \"spot-fleet-example\",\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Request a Spot fleet\ncheap_compute = aws.ec2.SpotFleetRequest(\"cheapCompute\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.03\",\n allocation_strategy=\"diversified\",\n target_capacity=6,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.10xlarge\",\n ami=\"ami-1234\",\n spot_price=\"2.793\",\n placement_tenancy=\"dedicated\",\n iam_instance_profile_arn=aws_iam_instance_profile[\"example\"][\"arn\"],\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.4xlarge\",\n ami=\"ami-5678\",\n key_name=\"my-key\",\n spot_price=\"1.117\",\n iam_instance_profile_arn=aws_iam_instance_profile[\"example\"][\"arn\"],\n availability_zone=\"us-west-1a\",\n subnet_id=\"subnet-1234\",\n weighted_capacity=\"35\",\n root_block_devices=[aws.ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs(\n volume_size=300,\n volume_type=\"gp2\",\n )],\n tags={\n \"Name\": \"spot-fleet-example\",\n },\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Request a Spot fleet\n var cheapCompute = new Aws.Ec2.SpotFleetRequest(\"cheapCompute\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.03\",\n AllocationStrategy = \"diversified\",\n TargetCapacity = 6,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.10xlarge\",\n Ami = \"ami-1234\",\n SpotPrice = \"2.793\",\n PlacementTenancy = \"dedicated\",\n IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.4xlarge\",\n Ami = \"ami-5678\",\n KeyName = \"my-key\",\n SpotPrice = \"1.117\",\n IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,\n AvailabilityZone = \"us-west-1a\",\n SubnetId = \"subnet-1234\",\n WeightedCapacity = \"35\",\n RootBlockDevices = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs\n {\n VolumeSize = 300,\n VolumeType = \"gp2\",\n },\n },\n Tags = \n {\n { \"Name\", \"spot-fleet-example\" },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"cheapCompute\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.03\"),\n\t\t\tAllocationStrategy: pulumi.String(\"diversified\"),\n\t\t\tTargetCapacity: pulumi.Int(6),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.10xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-1234\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"2.793\"),\n\t\t\t\t\tPlacementTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Example.Arn),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.4xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-5678\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"1.117\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Example.Arn),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-1a\"),\n\t\t\t\t\tSubnetId: pulumi.String(\"subnet-1234\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"35\"),\n\t\t\t\t\tRootBlockDevices: ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArray{\n\t\t\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs{\n\t\t\t\t\t\t\tVolumeSize: pulumi.Int(300),\n\t\t\t\t\t\t\tVolumeType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\t\"Name\": pulumi.String(\"spot-fleet-example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cheapCompute = new SpotFleetRequest(\"cheapCompute\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.03\")\n .allocationStrategy(\"diversified\")\n .targetCapacity(6)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.10xlarge\")\n .ami(\"ami-1234\")\n .spotPrice(\"2.793\")\n .placementTenancy(\"dedicated\")\n .iamInstanceProfileArn(aws_iam_instance_profile.example().arn())\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.4xlarge\")\n .ami(\"ami-5678\")\n .keyName(\"my-key\")\n .spotPrice(\"1.117\")\n .iamInstanceProfileArn(aws_iam_instance_profile.example().arn())\n .availabilityZone(\"us-west-1a\")\n .subnetId(\"subnet-1234\")\n .weightedCapacity(35)\n .rootBlockDevices(SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs.builder()\n .volumeSize(\"300\")\n .volumeType(\"gp2\")\n .build())\n .tags(Map.of(\"Name\", \"spot-fleet-example\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Request a Spot fleet\n cheapCompute:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.03'\n allocationStrategy: diversified\n targetCapacity: 6\n validUntil: 2019-11-04T20:44:20Z\n launchSpecifications:\n - instanceType: m4.10xlarge\n ami: ami-1234\n spotPrice: '2.793'\n placementTenancy: dedicated\n iamInstanceProfileArn: ${aws_iam_instance_profile.example.arn}\n - instanceType: m4.4xlarge\n ami: ami-5678\n keyName: my-key\n spotPrice: '1.117'\n iamInstanceProfileArn: ${aws_iam_instance_profile.example.arn}\n availabilityZone: us-west-1a\n subnetId: subnet-1234\n weightedCapacity: 35\n rootBlockDevices:\n - volumeSize: '300'\n volumeType: gp2\n tags:\n Name: spot-fleet-example\n```\n{{% /example %}}\n{{% example %}}\n### Using launch templates\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooLaunchTemplate = new aws.ec2.LaunchTemplate(\"fooLaunchTemplate\", {\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: fooLaunchTemplate.id,\n version: fooLaunchTemplate.latestVersion,\n },\n }],\n}, {\n dependsOn: [aws_iam_policy_attachment[\"test-attach\"]],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_launch_template = aws.ec2.LaunchTemplate(\"fooLaunchTemplate\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo_launch_template.id,\n version=foo_launch_template.latest_version,\n ),\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_policy_attachment[\"test-attach\"]]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"fooLaunchTemplate\", new()\n {\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"fooSpotFleetRequest\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = fooLaunchTemplate.Id,\n Version = fooLaunchTemplate.LatestVersion,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_policy_attachment.Test_attach,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"fooLaunchTemplate\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tImageId: pulumi.String(\"ami-516b9131\"),\n\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\tKeyName: pulumi.String(\"some-key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSpotFleetRequest(ctx, \"fooSpotFleetRequest\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tId: fooLaunchTemplate.ID(),\n\t\t\t\t\t\tVersion: fooLaunchTemplate.LatestVersion,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_policy_attachment.TestAttach,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooLaunchTemplate = new LaunchTemplate(\"fooLaunchTemplate\", LaunchTemplateArgs.builder() \n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(fooLaunchTemplate.id())\n .version(fooLaunchTemplate.latestVersion())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(aws_iam_policy_attachment.test-attach())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooLaunchTemplate:\n type: aws:ec2:LaunchTemplate\n properties:\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${fooLaunchTemplate.id}\n version: ${fooLaunchTemplate.latestVersion}\n options:\n dependson:\n - ${aws_iam_policy_attachment\"test-attach\"[%!s(MISSING)]}\n```\n\n\u003e **NOTE:** This provider does not support the functionality where multiple `subnet_id` or `availability_zone` parameters can be specified in the same\nlaunch configuration block. If you want to specify multiple values, then separate launch configuration blocks should be used or launch template overrides should be configured, one per subnet:\n{{% /example %}}\n{{% example %}}\n### Using multiple launch specifications\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n launchSpecifications: [\n {\n ami: \"ami-d06a90b0\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"m1.small\",\n keyName: \"my-key\",\n },\n {\n ami: \"ami-d06a90b0\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"m5.large\",\n keyName: \"my-key\",\n },\n ],\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-d06a90b0\",\n availability_zone=\"us-west-2a\",\n instance_type=\"m1.small\",\n key_name=\"my-key\",\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-d06a90b0\",\n availability_zone=\"us-west-2a\",\n instance_type=\"m5.large\",\n key_name=\"my-key\",\n ),\n ],\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ec2.SpotFleetRequest(\"foo\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-d06a90b0\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"m1.small\",\n KeyName = \"my-key\",\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-d06a90b0\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"m5.large\",\n KeyName = \"my-key\",\n },\n },\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"foo\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t\tInstanceType: pulumi.String(\"m5.large\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new SpotFleetRequest(\"foo\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .ami(\"ami-d06a90b0\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"m1.small\")\n .keyName(\"my-key\")\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .ami(\"ami-d06a90b0\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"m5.large\")\n .keyName(\"my-key\")\n .build())\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n launchSpecifications:\n - ami: ami-d06a90b0\n availabilityZone: us-west-2a\n instanceType: m1.small\n keyName: my-key\n - ami: ami-d06a90b0\n availabilityZone: us-west-2a\n instanceType: m5.large\n keyName: my-key\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n```\n\n\u003e In this example, we use a `dynamic` block to define zero or more `launch_specification` blocks, producing one for each element in the list of subnet ids.\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnets = config.get(\"subnets\");\n var example = new SpotFleetRequest(\"example\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .targetCapacity(3)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .allocationStrategy(\"lowestPrice\")\n .fleetType(\"request\")\n .waitForFulfillment(\"true\")\n .terminateInstancesWithExpiration(\"true\")\n .dynamic(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using multiple launch configurations\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [_var.vpc_id],\n }],\n});\nconst fooLaunchTemplate = new aws.ec2.LaunchTemplate(\"fooLaunchTemplate\", {\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: fooLaunchTemplate.id,\n version: fooLaunchTemplate.latestVersion,\n },\n overrides: [\n {\n subnetId: example.then(example =\u003e example.ids?.[0]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[1]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[2]),\n },\n ],\n }],\n}, {\n dependsOn: [aws_iam_policy_attachment[\"test-attach\"]],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[var[\"vpc_id\"]],\n)])\nfoo_launch_template = aws.ec2.LaunchTemplate(\"fooLaunchTemplate\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo_launch_template.id,\n version=foo_launch_template.latest_version,\n ),\n overrides=[\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[0],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[1],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[2],\n ),\n ],\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_policy_attachment[\"test-attach\"]]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n @var.Vpc_id,\n },\n },\n },\n });\n\n var fooLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"fooLaunchTemplate\", new()\n {\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"fooSpotFleetRequest\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = fooLaunchTemplate.Id,\n Version = fooLaunchTemplate.LatestVersion,\n },\n Overrides = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[2]),\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_policy_attachment.Test_attach,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\n_var.Vpc_id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nfooLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"fooLaunchTemplate\", \u0026ec2.LaunchTemplateArgs{\nImageId: pulumi.String(\"ami-516b9131\"),\nInstanceType: pulumi.String(\"m1.small\"),\nKeyName: pulumi.String(\"some-key\"),\n})\nif err != nil {\nreturn err\n}\n_, err = ec2.NewSpotFleetRequest(ctx, \"fooSpotFleetRequest\", \u0026ec2.SpotFleetRequestArgs{\nIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\nSpotPrice: pulumi.String(\"0.005\"),\nTargetCapacity: pulumi.Int(2),\nValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\nLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\nLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\nId: fooLaunchTemplate.ID(),\nVersion: fooLaunchTemplate.LatestVersion,\n},\nOverrides: ec2.SpotFleetRequestLaunchTemplateConfigOverrideArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[0]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[1]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[2]),\n},\n},\n},\n},\n}, pulumi.DependsOn([]pulumi.Resource{\naws_iam_policy_attachment.TestAttach,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(var_.vpc_id())\n .build())\n .build());\n\n var fooLaunchTemplate = new LaunchTemplate(\"fooLaunchTemplate\", LaunchTemplateArgs.builder() \n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(fooLaunchTemplate.id())\n .version(fooLaunchTemplate.latestVersion())\n .build())\n .overrides( \n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[2]))\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(aws_iam_policy_attachment.test-attach())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooLaunchTemplate:\n type: aws:ec2:LaunchTemplate\n properties:\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${fooLaunchTemplate.id}\n version: ${fooLaunchTemplate.latestVersion}\n overrides:\n - subnetId: ${example.ids[0]}\n - subnetId: ${example.ids[1]}\n - subnetId: ${example.ids[2]}\n options:\n dependson:\n - ${aws_iam_policy_attachment\"test-attach\"[%!s(MISSING)]}\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${var.vpc_id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Spot Fleet Requests using `id`. For example:\n\n```sh\n $ pulumi import aws:ec2/spotFleetRequest:SpotFleetRequest fleet sfr-005e9ec8-5546-4c31-b317-31a62325411e\n```\n ", + "description": "Provides an EC2 Spot Fleet Request resource. This allows a fleet of Spot\ninstances to be requested on the Spot market.\n\n\u003e **NOTE [AWS strongly discourages](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) the use of the legacy APIs called by this resource.\nWe recommend using the EC2 Fleet or Auto Scaling Group resources instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using launch specifications\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Request a Spot fleet\nconst cheapCompute = new aws.ec2.SpotFleetRequest(\"cheapCompute\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.03\",\n allocationStrategy: \"diversified\",\n targetCapacity: 6,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchSpecifications: [\n {\n instanceType: \"m4.10xlarge\",\n ami: \"ami-1234\",\n spotPrice: \"2.793\",\n placementTenancy: \"dedicated\",\n iamInstanceProfileArn: aws_iam_instance_profile.example.arn,\n },\n {\n instanceType: \"m4.4xlarge\",\n ami: \"ami-5678\",\n keyName: \"my-key\",\n spotPrice: \"1.117\",\n iamInstanceProfileArn: aws_iam_instance_profile.example.arn,\n availabilityZone: \"us-west-1a\",\n subnetId: \"subnet-1234\",\n weightedCapacity: \"35\",\n rootBlockDevices: [{\n volumeSize: 300,\n volumeType: \"gp2\",\n }],\n tags: {\n Name: \"spot-fleet-example\",\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Request a Spot fleet\ncheap_compute = aws.ec2.SpotFleetRequest(\"cheapCompute\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.03\",\n allocation_strategy=\"diversified\",\n target_capacity=6,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.10xlarge\",\n ami=\"ami-1234\",\n spot_price=\"2.793\",\n placement_tenancy=\"dedicated\",\n iam_instance_profile_arn=aws_iam_instance_profile[\"example\"][\"arn\"],\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.4xlarge\",\n ami=\"ami-5678\",\n key_name=\"my-key\",\n spot_price=\"1.117\",\n iam_instance_profile_arn=aws_iam_instance_profile[\"example\"][\"arn\"],\n availability_zone=\"us-west-1a\",\n subnet_id=\"subnet-1234\",\n weighted_capacity=\"35\",\n root_block_devices=[aws.ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs(\n volume_size=300,\n volume_type=\"gp2\",\n )],\n tags={\n \"Name\": \"spot-fleet-example\",\n },\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Request a Spot fleet\n var cheapCompute = new Aws.Ec2.SpotFleetRequest(\"cheapCompute\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.03\",\n AllocationStrategy = \"diversified\",\n TargetCapacity = 6,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.10xlarge\",\n Ami = \"ami-1234\",\n SpotPrice = \"2.793\",\n PlacementTenancy = \"dedicated\",\n IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.4xlarge\",\n Ami = \"ami-5678\",\n KeyName = \"my-key\",\n SpotPrice = \"1.117\",\n IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,\n AvailabilityZone = \"us-west-1a\",\n SubnetId = \"subnet-1234\",\n WeightedCapacity = \"35\",\n RootBlockDevices = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs\n {\n VolumeSize = 300,\n VolumeType = \"gp2\",\n },\n },\n Tags = \n {\n { \"Name\", \"spot-fleet-example\" },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Request a Spot fleet\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"cheapCompute\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.03\"),\n\t\t\tAllocationStrategy: pulumi.String(\"diversified\"),\n\t\t\tTargetCapacity: pulumi.Int(6),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.10xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-1234\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"2.793\"),\n\t\t\t\t\tPlacementTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Example.Arn),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.4xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-5678\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"1.117\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Example.Arn),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-1a\"),\n\t\t\t\t\tSubnetId: pulumi.String(\"subnet-1234\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"35\"),\n\t\t\t\t\tRootBlockDevices: ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArray{\n\t\t\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs{\n\t\t\t\t\t\t\tVolumeSize: pulumi.Int(300),\n\t\t\t\t\t\t\tVolumeType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\t\"Name\": pulumi.String(\"spot-fleet-example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cheapCompute = new SpotFleetRequest(\"cheapCompute\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.03\")\n .allocationStrategy(\"diversified\")\n .targetCapacity(6)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.10xlarge\")\n .ami(\"ami-1234\")\n .spotPrice(\"2.793\")\n .placementTenancy(\"dedicated\")\n .iamInstanceProfileArn(aws_iam_instance_profile.example().arn())\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .instanceType(\"m4.4xlarge\")\n .ami(\"ami-5678\")\n .keyName(\"my-key\")\n .spotPrice(\"1.117\")\n .iamInstanceProfileArn(aws_iam_instance_profile.example().arn())\n .availabilityZone(\"us-west-1a\")\n .subnetId(\"subnet-1234\")\n .weightedCapacity(35)\n .rootBlockDevices(SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs.builder()\n .volumeSize(\"300\")\n .volumeType(\"gp2\")\n .build())\n .tags(Map.of(\"Name\", \"spot-fleet-example\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Request a Spot fleet\n cheapCompute:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.03'\n allocationStrategy: diversified\n targetCapacity: 6\n validUntil: 2019-11-04T20:44:20Z\n launchSpecifications:\n - instanceType: m4.10xlarge\n ami: ami-1234\n spotPrice: '2.793'\n placementTenancy: dedicated\n iamInstanceProfileArn: ${aws_iam_instance_profile.example.arn}\n - instanceType: m4.4xlarge\n ami: ami-5678\n keyName: my-key\n spotPrice: '1.117'\n iamInstanceProfileArn: ${aws_iam_instance_profile.example.arn}\n availabilityZone: us-west-1a\n subnetId: subnet-1234\n weightedCapacity: 35\n rootBlockDevices:\n - volumeSize: '300'\n volumeType: gp2\n tags:\n Name: spot-fleet-example\n```\n{{% /example %}}\n{{% example %}}\n### Using launch templates\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooLaunchTemplate = new aws.ec2.LaunchTemplate(\"fooLaunchTemplate\", {\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: fooLaunchTemplate.id,\n version: fooLaunchTemplate.latestVersion,\n },\n }],\n}, {\n dependsOn: [aws_iam_policy_attachment[\"test-attach\"]],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_launch_template = aws.ec2.LaunchTemplate(\"fooLaunchTemplate\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo_launch_template.id,\n version=foo_launch_template.latest_version,\n ),\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_policy_attachment[\"test-attach\"]]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fooLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"fooLaunchTemplate\", new()\n {\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"fooSpotFleetRequest\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = fooLaunchTemplate.Id,\n Version = fooLaunchTemplate.LatestVersion,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_policy_attachment.Test_attach,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"fooLaunchTemplate\", \u0026ec2.LaunchTemplateArgs{\n\t\t\tImageId: pulumi.String(\"ami-516b9131\"),\n\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\tKeyName: pulumi.String(\"some-key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSpotFleetRequest(ctx, \"fooSpotFleetRequest\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\n\t\t\t\t\tLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tId: fooLaunchTemplate.ID(),\n\t\t\t\t\t\tVersion: fooLaunchTemplate.LatestVersion,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_policy_attachment.TestAttach,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fooLaunchTemplate = new LaunchTemplate(\"fooLaunchTemplate\", LaunchTemplateArgs.builder() \n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(fooLaunchTemplate.id())\n .version(fooLaunchTemplate.latestVersion())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(aws_iam_policy_attachment.test-attach())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooLaunchTemplate:\n type: aws:ec2:LaunchTemplate\n properties:\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${fooLaunchTemplate.id}\n version: ${fooLaunchTemplate.latestVersion}\n options:\n dependson:\n - ${aws_iam_policy_attachment\"test-attach\"[%!s(MISSING)]}\n```\n\n\u003e **NOTE:** This provider does not support the functionality where multiple `subnet_id` or `availability_zone` parameters can be specified in the same\nlaunch configuration block. If you want to specify multiple values, then separate launch configuration blocks should be used or launch template overrides should be configured, one per subnet:\n{{% /example %}}\n{{% example %}}\n### Using multiple launch specifications\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n launchSpecifications: [\n {\n ami: \"ami-d06a90b0\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"m1.small\",\n keyName: \"my-key\",\n },\n {\n ami: \"ami-d06a90b0\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"m5.large\",\n keyName: \"my-key\",\n },\n ],\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-d06a90b0\",\n availability_zone=\"us-west-2a\",\n instance_type=\"m1.small\",\n key_name=\"my-key\",\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-d06a90b0\",\n availability_zone=\"us-west-2a\",\n instance_type=\"m5.large\",\n key_name=\"my-key\",\n ),\n ],\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var foo = new Aws.Ec2.SpotFleetRequest(\"foo\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n LaunchSpecifications = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-d06a90b0\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"m1.small\",\n KeyName = \"my-key\",\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-d06a90b0\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"m5.large\",\n KeyName = \"my-key\",\n },\n },\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"foo\", \u0026ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t},\n\t\t\t\t\u0026ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t\tInstanceType: pulumi.String(\"m5.large\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var foo = new SpotFleetRequest(\"foo\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .launchSpecifications( \n SpotFleetRequestLaunchSpecificationArgs.builder()\n .ami(\"ami-d06a90b0\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"m1.small\")\n .keyName(\"my-key\")\n .build(),\n SpotFleetRequestLaunchSpecificationArgs.builder()\n .ami(\"ami-d06a90b0\")\n .availabilityZone(\"us-west-2a\")\n .instanceType(\"m5.large\")\n .keyName(\"my-key\")\n .build())\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n foo:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n launchSpecifications:\n - ami: ami-d06a90b0\n availabilityZone: us-west-2a\n instanceType: m1.small\n keyName: my-key\n - ami: ami-d06a90b0\n availabilityZone: us-west-2a\n instanceType: m5.large\n keyName: my-key\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n```\n\n\u003e In this example, we use a `dynamic` block to define zero or more `launch_specification` blocks, producing one for each element in the list of subnet ids.\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnets = config.get(\"subnets\");\n var example = new SpotFleetRequest(\"example\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .targetCapacity(3)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .allocationStrategy(\"lowestPrice\")\n .fleetType(\"request\")\n .waitForFulfillment(\"true\")\n .terminateInstancesWithExpiration(\"true\")\n .dynamic(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using multiple launch configurations\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [_var.vpc_id],\n }],\n});\nconst fooLaunchTemplate = new aws.ec2.LaunchTemplate(\"fooLaunchTemplate\", {\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: fooLaunchTemplate.id,\n version: fooLaunchTemplate.latestVersion,\n },\n overrides: [\n {\n subnetId: example.then(example =\u003e example.ids?.[0]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[1]),\n },\n {\n subnetId: example.then(example =\u003e example.ids?.[2]),\n },\n ],\n }],\n}, {\n dependsOn: [aws_iam_policy_attachment[\"test-attach\"]],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[var[\"vpc_id\"]],\n)])\nfoo_launch_template = aws.ec2.LaunchTemplate(\"fooLaunchTemplate\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo_launch_template.id,\n version=foo_launch_template.latest_version,\n ),\n overrides=[\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[0],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[1],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=example.ids[2],\n ),\n ],\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_policy_attachment[\"test-attach\"]]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n @var.Vpc_id,\n },\n },\n },\n });\n\n var fooLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"fooLaunchTemplate\", new()\n {\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"fooSpotFleetRequest\", new()\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = fooLaunchTemplate.Id,\n Version = fooLaunchTemplate.LatestVersion,\n },\n Overrides = new[]\n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = example.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[2]),\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_policy_attachment.Test_attach,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\n_var.Vpc_id,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nfooLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"fooLaunchTemplate\", \u0026ec2.LaunchTemplateArgs{\nImageId: pulumi.String(\"ami-516b9131\"),\nInstanceType: pulumi.String(\"m1.small\"),\nKeyName: pulumi.String(\"some-key\"),\n})\nif err != nil {\nreturn err\n}\n_, err = ec2.NewSpotFleetRequest(ctx, \"fooSpotFleetRequest\", \u0026ec2.SpotFleetRequestArgs{\nIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\nSpotPrice: pulumi.String(\"0.005\"),\nTargetCapacity: pulumi.Int(2),\nValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\nLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigArgs{\nLaunchTemplateSpecification: \u0026ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\nId: fooLaunchTemplate.ID(),\nVersion: fooLaunchTemplate.LatestVersion,\n},\nOverrides: ec2.SpotFleetRequestLaunchTemplateConfigOverrideArray{\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[0]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[1]),\n},\n\u0026ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\nSubnetId: *pulumi.String(example.Ids[2]),\n},\n},\n},\n},\n}, pulumi.DependsOn([]pulumi.Resource{\naws_iam_policy_attachment.TestAttach,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.ec2.LaunchTemplate;\nimport com.pulumi.aws.ec2.LaunchTemplateArgs;\nimport com.pulumi.aws.ec2.SpotFleetRequest;\nimport com.pulumi.aws.ec2.SpotFleetRequestArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigArgs;\nimport com.pulumi.aws.ec2.inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(var_.vpc_id())\n .build())\n .build());\n\n var fooLaunchTemplate = new LaunchTemplate(\"fooLaunchTemplate\", LaunchTemplateArgs.builder() \n .imageId(\"ami-516b9131\")\n .instanceType(\"m1.small\")\n .keyName(\"some-key\")\n .build());\n\n var fooSpotFleetRequest = new SpotFleetRequest(\"fooSpotFleetRequest\", SpotFleetRequestArgs.builder() \n .iamFleetRole(\"arn:aws:iam::12345678:role/spot-fleet\")\n .spotPrice(\"0.005\")\n .targetCapacity(2)\n .validUntil(\"2019-11-04T20:44:20Z\")\n .launchTemplateConfigs(SpotFleetRequestLaunchTemplateConfigArgs.builder()\n .launchTemplateSpecification(SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs.builder()\n .id(fooLaunchTemplate.id())\n .version(fooLaunchTemplate.latestVersion())\n .build())\n .overrides( \n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .build(),\n SpotFleetRequestLaunchTemplateConfigOverrideArgs.builder()\n .subnetId(example.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[2]))\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(aws_iam_policy_attachment.test-attach())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fooLaunchTemplate:\n type: aws:ec2:LaunchTemplate\n properties:\n imageId: ami-516b9131\n instanceType: m1.small\n keyName: some-key\n fooSpotFleetRequest:\n type: aws:ec2:SpotFleetRequest\n properties:\n iamFleetRole: arn:aws:iam::12345678:role/spot-fleet\n spotPrice: '0.005'\n targetCapacity: 2\n validUntil: 2019-11-04T20:44:20Z\n launchTemplateConfigs:\n - launchTemplateSpecification:\n id: ${fooLaunchTemplate.id}\n version: ${fooLaunchTemplate.latestVersion}\n overrides:\n - subnetId: ${example.ids[0]}\n - subnetId: ${example.ids[1]}\n - subnetId: ${example.ids[2]}\n options:\n dependson:\n - ${aws_iam_policy_attachment\"test-attach\"[%!s(MISSING)]}\nvariables:\n example:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${var.vpc_id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Spot Fleet Requests using `id`. For example:\n\n```sh\n $ pulumi import aws:ec2/spotFleetRequest:SpotFleetRequest fleet sfr-005e9ec8-5546-4c31-b317-31a62325411e\n```\n ", "properties": { "allocationStrategy": { "type": "string", @@ -215584,7 +215584,7 @@ } }, "aws:ec2/spotInstanceRequest:SpotInstanceRequest": { - "description": "Provides an EC2 Spot Instance Request resource. This allows instances to be\nrequested on the spot market.\n\nBy default this provider creates Spot Instance Requests with a `persistent` type,\nwhich means that for the duration of their lifetime, AWS will launch an\ninstance with the configured details if and when the spot market will accept\nthe requested price.\n\nOn destruction, this provider will make an attempt to terminate the associated Spot\nInstance if there is one present.\n\nSpot Instances requests with a `one-time` type will close the spot request\nwhen the instance is terminated either by the request being below the current spot\nprice availability or by a user.\n\n\u003e **NOTE:** Because their behavior depends on the live status of the spot\nmarket, Spot Instance Requests have a unique lifecycle that makes them behave\ndifferently than other resources. Most importantly: there is __no\nguarantee__ that a Spot Instance exists to fulfill the request at any given\npoint in time. See the [AWS Spot Instance\ndocumentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html)\nfor more information.\n\n\u003e **NOTE [AWS strongly discourages](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) the use of the legacy APIs called by this resource.\nWe recommend using the EC2 Instance resource with `instance_market_options` instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Request a spot instance at $0.03\nconst cheapWorker = new aws.ec2.SpotInstanceRequest(\"cheapWorker\", {\n ami: \"ami-1234\",\n instanceType: \"c4.xlarge\",\n spotPrice: \"0.03\",\n tags: {\n Name: \"CheapWorker\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Request a spot instance at $0.03\ncheap_worker = aws.ec2.SpotInstanceRequest(\"cheapWorker\",\n ami=\"ami-1234\",\n instance_type=\"c4.xlarge\",\n spot_price=\"0.03\",\n tags={\n \"Name\": \"CheapWorker\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Request a spot instance at $0.03\n var cheapWorker = new Aws.Ec2.SpotInstanceRequest(\"cheapWorker\", new()\n {\n Ami = \"ami-1234\",\n InstanceType = \"c4.xlarge\",\n SpotPrice = \"0.03\",\n Tags = \n {\n { \"Name\", \"CheapWorker\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotInstanceRequest(ctx, \"cheapWorker\", \u0026ec2.SpotInstanceRequestArgs{\n\t\t\tAmi: pulumi.String(\"ami-1234\"),\n\t\t\tInstanceType: pulumi.String(\"c4.xlarge\"),\n\t\t\tSpotPrice: pulumi.String(\"0.03\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"CheapWorker\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotInstanceRequest;\nimport com.pulumi.aws.ec2.SpotInstanceRequestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cheapWorker = new SpotInstanceRequest(\"cheapWorker\", SpotInstanceRequestArgs.builder() \n .ami(\"ami-1234\")\n .instanceType(\"c4.xlarge\")\n .spotPrice(\"0.03\")\n .tags(Map.of(\"Name\", \"CheapWorker\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Request a spot instance at $0.03\n cheapWorker:\n type: aws:ec2:SpotInstanceRequest\n properties:\n ami: ami-1234\n instanceType: c4.xlarge\n spotPrice: '0.03'\n tags:\n Name: CheapWorker\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Provides an EC2 Spot Instance Request resource. This allows instances to be\nrequested on the spot market.\n\nBy default this provider creates Spot Instance Requests with a `persistent` type,\nwhich means that for the duration of their lifetime, AWS will launch an\ninstance with the configured details if and when the spot market will accept\nthe requested price.\n\nOn destruction, this provider will make an attempt to terminate the associated Spot\nInstance if there is one present.\n\nSpot Instances requests with a `one-time` type will close the spot request\nwhen the instance is terminated either by the request being below the current spot\nprice availability or by a user.\n\n\u003e **NOTE:** Because their behavior depends on the live status of the spot\nmarket, Spot Instance Requests have a unique lifecycle that makes them behave\ndifferently than other resources. Most importantly: there is __no\nguarantee__ that a Spot Instance exists to fulfill the request at any given\npoint in time. See the [AWS Spot Instance\ndocumentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html)\nfor more information.\n\n\u003e **NOTE [AWS strongly discourages](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-best-practices.html#which-spot-request-method-to-use) the use of the legacy APIs called by this resource.\nWe recommend using the EC2 Instance resource with `instance_market_options` instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Request a spot instance at $0.03\nconst cheapWorker = new aws.ec2.SpotInstanceRequest(\"cheapWorker\", {\n ami: \"ami-1234\",\n instanceType: \"c4.xlarge\",\n spotPrice: \"0.03\",\n tags: {\n Name: \"CheapWorker\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Request a spot instance at $0.03\ncheap_worker = aws.ec2.SpotInstanceRequest(\"cheapWorker\",\n ami=\"ami-1234\",\n instance_type=\"c4.xlarge\",\n spot_price=\"0.03\",\n tags={\n \"Name\": \"CheapWorker\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Request a spot instance at $0.03\n var cheapWorker = new Aws.Ec2.SpotInstanceRequest(\"cheapWorker\", new()\n {\n Ami = \"ami-1234\",\n InstanceType = \"c4.xlarge\",\n SpotPrice = \"0.03\",\n Tags = \n {\n { \"Name\", \"CheapWorker\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Request a spot instance at $0.03\n\t\t_, err := ec2.NewSpotInstanceRequest(ctx, \"cheapWorker\", \u0026ec2.SpotInstanceRequestArgs{\n\t\t\tAmi: pulumi.String(\"ami-1234\"),\n\t\t\tInstanceType: pulumi.String(\"c4.xlarge\"),\n\t\t\tSpotPrice: pulumi.String(\"0.03\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"CheapWorker\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SpotInstanceRequest;\nimport com.pulumi.aws.ec2.SpotInstanceRequestArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cheapWorker = new SpotInstanceRequest(\"cheapWorker\", SpotInstanceRequestArgs.builder() \n .ami(\"ami-1234\")\n .instanceType(\"c4.xlarge\")\n .spotPrice(\"0.03\")\n .tags(Map.of(\"Name\", \"CheapWorker\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Request a spot instance at $0.03\n cheapWorker:\n type: aws:ec2:SpotInstanceRequest\n properties:\n ami: ami-1234\n instanceType: c4.xlarge\n spotPrice: '0.03'\n tags:\n Name: CheapWorker\n```\n{{% /example %}}\n{{% /examples %}}", "properties": { "ami": { "type": "string", @@ -220689,7 +220689,7 @@ } }, "aws:ec2/vpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter": { - "description": "Provides a resource to manage the accepter's side of a VPC Peering Connection.\n\nWhen a cross-account (requester's AWS account differs from the accepter's AWS account) or an inter-region\nVPC Peering Connection is created, a VPC Peering Connection resource is automatically created in the\naccepter's account.\nThe requester can use the `aws.ec2.VpcPeeringConnection` resource to manage its side of the connection\nand the accepter can use the `aws.ec2.VpcPeeringConnectionAccepter` resource to \"adopt\" its side of the\nconnection into management.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst peer = new aws.Provider(\"peer\", {region: \"us-west-2\"});\n// Accepter's credentials.\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst peerVpc = new aws.ec2.Vpc(\"peerVpc\", {cidrBlock: \"10.1.0.0/16\"}, {\n provider: aws.peer,\n});\nconst peerCallerIdentity = aws.getCallerIdentity({});\n// Requester's side of the connection.\nconst peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", {\n vpcId: main.id,\n peerVpcId: peerVpc.id,\n peerOwnerId: peerCallerIdentity.then(peerCallerIdentity =\u003e peerCallerIdentity.accountId),\n peerRegion: \"us-west-2\",\n autoAccept: false,\n tags: {\n Side: \"Requester\",\n },\n});\n// Accepter's side of the connection.\nconst peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", {\n vpcPeeringConnectionId: peerVpcPeeringConnection.id,\n autoAccept: true,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.peer,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npeer = aws.Provider(\"peer\", region=\"us-west-2\")\n# Accepter's credentials.\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\npeer_vpc = aws.ec2.Vpc(\"peerVpc\", cidr_block=\"10.1.0.0/16\",\nopts=pulumi.ResourceOptions(provider=aws[\"peer\"]))\npeer_caller_identity = aws.get_caller_identity()\n# Requester's side of the connection.\npeer_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\",\n vpc_id=main.id,\n peer_vpc_id=peer_vpc.id,\n peer_owner_id=peer_caller_identity.account_id,\n peer_region=\"us-west-2\",\n auto_accept=False,\n tags={\n \"Side\": \"Requester\",\n })\n# Accepter's side of the connection.\npeer_vpc_peering_connection_accepter = aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\",\n vpc_peering_connection_id=peer_vpc_peering_connection.id,\n auto_accept=True,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"peer\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var peer = new Aws.Provider(\"peer\", new()\n {\n Region = \"us-west-2\",\n });\n\n // Accepter's credentials.\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var peerVpc = new Aws.Ec2.Vpc(\"peerVpc\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n }, new CustomResourceOptions\n {\n Provider = aws.Peer,\n });\n\n var peerCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n // Requester's side of the connection.\n var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", new()\n {\n VpcId = main.Id,\n PeerVpcId = peerVpc.Id,\n PeerOwnerId = peerCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n PeerRegion = \"us-west-2\",\n AutoAccept = false,\n Tags = \n {\n { \"Side\", \"Requester\" },\n },\n });\n\n // Accepter's side of the connection.\n var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnection.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Peer,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"peer\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-west-2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpc, err := ec2.NewVpc(ctx, \"peerVpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t}, pulumi.Provider(aws.Peer))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"peerVpcPeeringConnection\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tPeerVpcId: peerVpc.ID(),\n\t\t\tPeerOwnerId: *pulumi.String(peerCallerIdentity.AccountId),\n\t\t\tPeerRegion: pulumi.String(\"us-west-2\"),\n\t\t\tAutoAccept: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Requester\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcPeeringConnectionAccepter(ctx, \"peerVpcPeeringConnectionAccepter\", \u0026ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnection.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Peer))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepter;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var peer = new Provider(\"peer\", ProviderArgs.builder() \n .region(\"us-west-2\")\n .build());\n\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var peerVpc = new Vpc(\"peerVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.peer())\n .build());\n\n final var peerCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var peerVpcPeeringConnection = new VpcPeeringConnection(\"peerVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(main.id())\n .peerVpcId(peerVpc.id())\n .peerOwnerId(peerCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .peerRegion(\"us-west-2\")\n .autoAccept(false)\n .tags(Map.of(\"Side\", \"Requester\"))\n .build());\n\n var peerVpcPeeringConnectionAccepter = new VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", VpcPeeringConnectionAccepterArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnection.id())\n .autoAccept(true)\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.peer())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n peer:\n type: pulumi:providers:aws\n properties:\n region: us-west-2\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n peerVpc:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n options:\n provider: ${aws.peer}\n # Requester's side of the connection.\n peerVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n properties:\n vpcId: ${main.id}\n peerVpcId: ${peerVpc.id}\n peerOwnerId: ${peerCallerIdentity.accountId}\n peerRegion: us-west-2\n autoAccept: false\n tags:\n Side: Requester\n # Accepter's side of the connection.\n peerVpcPeeringConnectionAccepter:\n type: aws:ec2:VpcPeeringConnectionAccepter\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnection.id}\n autoAccept: true\n tags:\n Side: Accepter\n options:\n provider: ${aws.peer}\nvariables:\n peerCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import VPC Peering Connection Accepters using the Peering Connection ID. For example:\n\n```sh\n $ pulumi import aws:ec2/vpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter example pcx-12345678\n```\n Certain resource arguments, like `auto_accept`, do not have an EC2 API method for reading the information after peering connection creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", + "description": "Provides a resource to manage the accepter's side of a VPC Peering Connection.\n\nWhen a cross-account (requester's AWS account differs from the accepter's AWS account) or an inter-region\nVPC Peering Connection is created, a VPC Peering Connection resource is automatically created in the\naccepter's account.\nThe requester can use the `aws.ec2.VpcPeeringConnection` resource to manage its side of the connection\nand the accepter can use the `aws.ec2.VpcPeeringConnectionAccepter` resource to \"adopt\" its side of the\nconnection into management.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst peer = new aws.Provider(\"peer\", {region: \"us-west-2\"});\n// Accepter's credentials.\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst peerVpc = new aws.ec2.Vpc(\"peerVpc\", {cidrBlock: \"10.1.0.0/16\"}, {\n provider: aws.peer,\n});\nconst peerCallerIdentity = aws.getCallerIdentity({});\n// Requester's side of the connection.\nconst peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", {\n vpcId: main.id,\n peerVpcId: peerVpc.id,\n peerOwnerId: peerCallerIdentity.then(peerCallerIdentity =\u003e peerCallerIdentity.accountId),\n peerRegion: \"us-west-2\",\n autoAccept: false,\n tags: {\n Side: \"Requester\",\n },\n});\n// Accepter's side of the connection.\nconst peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", {\n vpcPeeringConnectionId: peerVpcPeeringConnection.id,\n autoAccept: true,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.peer,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npeer = aws.Provider(\"peer\", region=\"us-west-2\")\n# Accepter's credentials.\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\npeer_vpc = aws.ec2.Vpc(\"peerVpc\", cidr_block=\"10.1.0.0/16\",\nopts=pulumi.ResourceOptions(provider=aws[\"peer\"]))\npeer_caller_identity = aws.get_caller_identity()\n# Requester's side of the connection.\npeer_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\",\n vpc_id=main.id,\n peer_vpc_id=peer_vpc.id,\n peer_owner_id=peer_caller_identity.account_id,\n peer_region=\"us-west-2\",\n auto_accept=False,\n tags={\n \"Side\": \"Requester\",\n })\n# Accepter's side of the connection.\npeer_vpc_peering_connection_accepter = aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\",\n vpc_peering_connection_id=peer_vpc_peering_connection.id,\n auto_accept=True,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"peer\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var peer = new Aws.Provider(\"peer\", new()\n {\n Region = \"us-west-2\",\n });\n\n // Accepter's credentials.\n var main = new Aws.Ec2.Vpc(\"main\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n var peerVpc = new Aws.Ec2.Vpc(\"peerVpc\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n }, new CustomResourceOptions\n {\n Provider = aws.Peer,\n });\n\n var peerCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n // Requester's side of the connection.\n var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", new()\n {\n VpcId = main.Id,\n PeerVpcId = peerVpc.Id,\n PeerOwnerId = peerCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId),\n PeerRegion = \"us-west-2\",\n AutoAccept = false,\n Tags = \n {\n { \"Side\", \"Requester\" },\n },\n });\n\n // Accepter's side of the connection.\n var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", new()\n {\n VpcPeeringConnectionId = peerVpcPeeringConnection.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Peer,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"peer\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-west-2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpc, err := ec2.NewVpc(ctx, \"peerVpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t}, pulumi.Provider(aws.Peer))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Requester's side of the connection.\n\t\tpeerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"peerVpcPeeringConnection\", \u0026ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tPeerVpcId: peerVpc.ID(),\n\t\t\tPeerOwnerId: *pulumi.String(peerCallerIdentity.AccountId),\n\t\t\tPeerRegion: pulumi.String(\"us-west-2\"),\n\t\t\tAutoAccept: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Requester\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Accepter's side of the connection.\n\t\t_, err = ec2.NewVpcPeeringConnectionAccepter(ctx, \"peerVpcPeeringConnectionAccepter\", \u0026ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnection.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Peer))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnection;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepter;\nimport com.pulumi.aws.ec2.VpcPeeringConnectionAccepterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var peer = new Provider(\"peer\", ProviderArgs.builder() \n .region(\"us-west-2\")\n .build());\n\n var main = new Vpc(\"main\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var peerVpc = new Vpc(\"peerVpc\", VpcArgs.builder() \n .cidrBlock(\"10.1.0.0/16\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.peer())\n .build());\n\n final var peerCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var peerVpcPeeringConnection = new VpcPeeringConnection(\"peerVpcPeeringConnection\", VpcPeeringConnectionArgs.builder() \n .vpcId(main.id())\n .peerVpcId(peerVpc.id())\n .peerOwnerId(peerCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))\n .peerRegion(\"us-west-2\")\n .autoAccept(false)\n .tags(Map.of(\"Side\", \"Requester\"))\n .build());\n\n var peerVpcPeeringConnectionAccepter = new VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", VpcPeeringConnectionAccepterArgs.builder() \n .vpcPeeringConnectionId(peerVpcPeeringConnection.id())\n .autoAccept(true)\n .tags(Map.of(\"Side\", \"Accepter\"))\n .build(), CustomResourceOptions.builder()\n .provider(aws.peer())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n peer:\n type: pulumi:providers:aws\n properties:\n region: us-west-2\n main:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n peerVpc:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.1.0.0/16\n options:\n provider: ${aws.peer}\n # Requester's side of the connection.\n peerVpcPeeringConnection:\n type: aws:ec2:VpcPeeringConnection\n properties:\n vpcId: ${main.id}\n peerVpcId: ${peerVpc.id}\n peerOwnerId: ${peerCallerIdentity.accountId}\n peerRegion: us-west-2\n autoAccept: false\n tags:\n Side: Requester\n # Accepter's side of the connection.\n peerVpcPeeringConnectionAccepter:\n type: aws:ec2:VpcPeeringConnectionAccepter\n properties:\n vpcPeeringConnectionId: ${peerVpcPeeringConnection.id}\n autoAccept: true\n tags:\n Side: Accepter\n options:\n provider: ${aws.peer}\nvariables:\n peerCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import VPC Peering Connection Accepters using the Peering Connection ID. For example:\n\n```sh\n $ pulumi import aws:ec2/vpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter example pcx-12345678\n```\n Certain resource arguments, like `auto_accept`, do not have an EC2 API method for reading the information after peering connection creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", "properties": { "acceptStatus": { "type": "string", @@ -225665,7 +225665,7 @@ } }, "aws:ecs/capacityProvider:CapacityProvider": { - "description": "Provides an ECS cluster capacity provider. More information can be found on the [ECS Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-capacity-providers.html).\n\n\u003e **NOTE:** Associating an ECS Capacity Provider to an Auto Scaling Group will automatically add the `AmazonECSManaged` tag to the Auto Scaling Group. This tag should be included in the `aws.autoscaling.Group` resource configuration to prevent the provider from removing it in subsequent executions as well as ensuring the `AmazonECSManaged` tag is propagated to all EC2 Instances in the Auto Scaling Group if `min_size` is above 0 on creation. Any EC2 Instances in the Auto Scaling Group without this tag must be manually be updated, otherwise they may cause unexpected scaling behavior and metrics.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration, including potentially other tags ...\nconst testGroup = new aws.autoscaling.Group(\"testGroup\", {tags: [{\n key: \"AmazonECSManaged\",\n value: \"true\",\n propagateAtLaunch: true,\n}]});\nconst testCapacityProvider = new aws.ecs.CapacityProvider(\"testCapacityProvider\", {autoScalingGroupProvider: {\n autoScalingGroupArn: testGroup.arn,\n managedTerminationProtection: \"ENABLED\",\n managedScaling: {\n maximumScalingStepSize: 1000,\n minimumScalingStepSize: 1,\n status: \"ENABLED\",\n targetCapacity: 10,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration, including potentially other tags ...\ntest_group = aws.autoscaling.Group(\"testGroup\", tags=[aws.autoscaling.GroupTagArgs(\n key=\"AmazonECSManaged\",\n value=\"true\",\n propagate_at_launch=True,\n)])\ntest_capacity_provider = aws.ecs.CapacityProvider(\"testCapacityProvider\", auto_scaling_group_provider=aws.ecs.CapacityProviderAutoScalingGroupProviderArgs(\n auto_scaling_group_arn=test_group.arn,\n managed_termination_protection=\"ENABLED\",\n managed_scaling=aws.ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs(\n maximum_scaling_step_size=1000,\n minimum_scaling_step_size=1,\n status=\"ENABLED\",\n target_capacity=10,\n ),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration, including potentially other tags ...\n var testGroup = new Aws.AutoScaling.Group(\"testGroup\", new()\n {\n Tags = new[]\n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"AmazonECSManaged\",\n Value = \"true\",\n PropagateAtLaunch = true,\n },\n },\n });\n\n var testCapacityProvider = new Aws.Ecs.CapacityProvider(\"testCapacityProvider\", new()\n {\n AutoScalingGroupProvider = new Aws.Ecs.Inputs.CapacityProviderAutoScalingGroupProviderArgs\n {\n AutoScalingGroupArn = testGroup.Arn,\n ManagedTerminationProtection = \"ENABLED\",\n ManagedScaling = new Aws.Ecs.Inputs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs\n {\n MaximumScalingStepSize = 1000,\n MinimumScalingStepSize = 1,\n Status = \"ENABLED\",\n TargetCapacity = 10,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestGroup, err := autoscaling.NewGroup(ctx, \"testGroup\", \u0026autoscaling.GroupArgs{\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"AmazonECSManaged\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecs.NewCapacityProvider(ctx, \"testCapacityProvider\", \u0026ecs.CapacityProviderArgs{\n\t\t\tAutoScalingGroupProvider: \u0026ecs.CapacityProviderAutoScalingGroupProviderArgs{\n\t\t\t\tAutoScalingGroupArn: testGroup.Arn,\n\t\t\t\tManagedTerminationProtection: pulumi.String(\"ENABLED\"),\n\t\t\t\tManagedScaling: \u0026ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs{\n\t\t\t\t\tMaximumScalingStepSize: pulumi.Int(1000),\n\t\t\t\t\tMinimumScalingStepSize: pulumi.Int(1),\n\t\t\t\t\tStatus: pulumi.String(\"ENABLED\"),\n\t\t\t\t\tTargetCapacity: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupTagArgs;\nimport com.pulumi.aws.ecs.CapacityProvider;\nimport com.pulumi.aws.ecs.CapacityProviderArgs;\nimport com.pulumi.aws.ecs.inputs.CapacityProviderAutoScalingGroupProviderArgs;\nimport com.pulumi.aws.ecs.inputs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testGroup = new Group(\"testGroup\", GroupArgs.builder() \n .tags(GroupTagArgs.builder()\n .key(\"AmazonECSManaged\")\n .value(true)\n .propagateAtLaunch(true)\n .build())\n .build());\n\n var testCapacityProvider = new CapacityProvider(\"testCapacityProvider\", CapacityProviderArgs.builder() \n .autoScalingGroupProvider(CapacityProviderAutoScalingGroupProviderArgs.builder()\n .autoScalingGroupArn(testGroup.arn())\n .managedTerminationProtection(\"ENABLED\")\n .managedScaling(CapacityProviderAutoScalingGroupProviderManagedScalingArgs.builder()\n .maximumScalingStepSize(1000)\n .minimumScalingStepSize(1)\n .status(\"ENABLED\")\n .targetCapacity(10)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testGroup:\n type: aws:autoscaling:Group\n properties:\n tags:\n - key: AmazonECSManaged\n value: true\n propagateAtLaunch: true\n testCapacityProvider:\n type: aws:ecs:CapacityProvider\n properties:\n autoScalingGroupProvider:\n autoScalingGroupArn: ${testGroup.arn}\n managedTerminationProtection: ENABLED\n managedScaling:\n maximumScalingStepSize: 1000\n minimumScalingStepSize: 1\n status: ENABLED\n targetCapacity: 10\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import ECS Capacity Providers using the `name`. For example:\n\n```sh\n $ pulumi import aws:ecs/capacityProvider:CapacityProvider example example\n```\n ", + "description": "Provides an ECS cluster capacity provider. More information can be found on the [ECS Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-capacity-providers.html).\n\n\u003e **NOTE:** Associating an ECS Capacity Provider to an Auto Scaling Group will automatically add the `AmazonECSManaged` tag to the Auto Scaling Group. This tag should be included in the `aws.autoscaling.Group` resource configuration to prevent the provider from removing it in subsequent executions as well as ensuring the `AmazonECSManaged` tag is propagated to all EC2 Instances in the Auto Scaling Group if `min_size` is above 0 on creation. Any EC2 Instances in the Auto Scaling Group without this tag must be manually be updated, otherwise they may cause unexpected scaling behavior and metrics.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration, including potentially other tags ...\nconst testGroup = new aws.autoscaling.Group(\"testGroup\", {tags: [{\n key: \"AmazonECSManaged\",\n value: \"true\",\n propagateAtLaunch: true,\n}]});\nconst testCapacityProvider = new aws.ecs.CapacityProvider(\"testCapacityProvider\", {autoScalingGroupProvider: {\n autoScalingGroupArn: testGroup.arn,\n managedTerminationProtection: \"ENABLED\",\n managedScaling: {\n maximumScalingStepSize: 1000,\n minimumScalingStepSize: 1,\n status: \"ENABLED\",\n targetCapacity: 10,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration, including potentially other tags ...\ntest_group = aws.autoscaling.Group(\"testGroup\", tags=[aws.autoscaling.GroupTagArgs(\n key=\"AmazonECSManaged\",\n value=\"true\",\n propagate_at_launch=True,\n)])\ntest_capacity_provider = aws.ecs.CapacityProvider(\"testCapacityProvider\", auto_scaling_group_provider=aws.ecs.CapacityProviderAutoScalingGroupProviderArgs(\n auto_scaling_group_arn=test_group.arn,\n managed_termination_protection=\"ENABLED\",\n managed_scaling=aws.ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs(\n maximum_scaling_step_size=1000,\n minimum_scaling_step_size=1,\n status=\"ENABLED\",\n target_capacity=10,\n ),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration, including potentially other tags ...\n var testGroup = new Aws.AutoScaling.Group(\"testGroup\", new()\n {\n Tags = new[]\n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"AmazonECSManaged\",\n Value = \"true\",\n PropagateAtLaunch = true,\n },\n },\n });\n\n var testCapacityProvider = new Aws.Ecs.CapacityProvider(\"testCapacityProvider\", new()\n {\n AutoScalingGroupProvider = new Aws.Ecs.Inputs.CapacityProviderAutoScalingGroupProviderArgs\n {\n AutoScalingGroupArn = testGroup.Arn,\n ManagedTerminationProtection = \"ENABLED\",\n ManagedScaling = new Aws.Ecs.Inputs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs\n {\n MaximumScalingStepSize = 1000,\n MinimumScalingStepSize = 1,\n Status = \"ENABLED\",\n TargetCapacity = 10,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration, including potentially other tags ...\n\t\ttestGroup, err := autoscaling.NewGroup(ctx, \"testGroup\", \u0026autoscaling.GroupArgs{\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t\u0026autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"AmazonECSManaged\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecs.NewCapacityProvider(ctx, \"testCapacityProvider\", \u0026ecs.CapacityProviderArgs{\n\t\t\tAutoScalingGroupProvider: \u0026ecs.CapacityProviderAutoScalingGroupProviderArgs{\n\t\t\t\tAutoScalingGroupArn: testGroup.Arn,\n\t\t\t\tManagedTerminationProtection: pulumi.String(\"ENABLED\"),\n\t\t\t\tManagedScaling: \u0026ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs{\n\t\t\t\t\tMaximumScalingStepSize: pulumi.Int(1000),\n\t\t\t\t\tMinimumScalingStepSize: pulumi.Int(1),\n\t\t\t\t\tStatus: pulumi.String(\"ENABLED\"),\n\t\t\t\t\tTargetCapacity: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.autoscaling.Group;\nimport com.pulumi.aws.autoscaling.GroupArgs;\nimport com.pulumi.aws.autoscaling.inputs.GroupTagArgs;\nimport com.pulumi.aws.ecs.CapacityProvider;\nimport com.pulumi.aws.ecs.CapacityProviderArgs;\nimport com.pulumi.aws.ecs.inputs.CapacityProviderAutoScalingGroupProviderArgs;\nimport com.pulumi.aws.ecs.inputs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testGroup = new Group(\"testGroup\", GroupArgs.builder() \n .tags(GroupTagArgs.builder()\n .key(\"AmazonECSManaged\")\n .value(true)\n .propagateAtLaunch(true)\n .build())\n .build());\n\n var testCapacityProvider = new CapacityProvider(\"testCapacityProvider\", CapacityProviderArgs.builder() \n .autoScalingGroupProvider(CapacityProviderAutoScalingGroupProviderArgs.builder()\n .autoScalingGroupArn(testGroup.arn())\n .managedTerminationProtection(\"ENABLED\")\n .managedScaling(CapacityProviderAutoScalingGroupProviderManagedScalingArgs.builder()\n .maximumScalingStepSize(1000)\n .minimumScalingStepSize(1)\n .status(\"ENABLED\")\n .targetCapacity(10)\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testGroup:\n type: aws:autoscaling:Group\n properties:\n tags:\n - key: AmazonECSManaged\n value: true\n propagateAtLaunch: true\n testCapacityProvider:\n type: aws:ecs:CapacityProvider\n properties:\n autoScalingGroupProvider:\n autoScalingGroupArn: ${testGroup.arn}\n managedTerminationProtection: ENABLED\n managedScaling:\n maximumScalingStepSize: 1000\n minimumScalingStepSize: 1\n status: ENABLED\n targetCapacity: 10\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import ECS Capacity Providers using the `name`. For example:\n\n```sh\n $ pulumi import aws:ecs/capacityProvider:CapacityProvider example example\n```\n ", "properties": { "arn": { "type": "string", @@ -225962,7 +225962,7 @@ } }, "aws:ecs/service:Service": { - "description": "\u003e **Note:** To prevent a race condition during service deletion, make sure to set `depends_on` to the related `aws.iam.RolePolicy`; otherwise, the policy may be destroyed too soon and the ECS service will then get stuck in the `DRAINING` state.\n\nProvides an ECS service - effectively a task that is expected to run until an error occurs or a user terminates it (typically a webserver or a database).\n\nSee [ECS Services section in AWS developer guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mongo = new aws.ecs.Service(\"mongo\", {\n cluster: aws_ecs_cluster.foo.id,\n taskDefinition: aws_ecs_task_definition.mongo.arn,\n desiredCount: 3,\n iamRole: aws_iam_role.foo.arn,\n orderedPlacementStrategies: [{\n type: \"binpack\",\n field: \"cpu\",\n }],\n loadBalancers: [{\n targetGroupArn: aws_lb_target_group.foo.arn,\n containerName: \"mongo\",\n containerPort: 8080,\n }],\n placementConstraints: [{\n type: \"memberOf\",\n expression: \"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n }],\n}, {\n dependsOn: [aws_iam_role_policy.foo],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmongo = aws.ecs.Service(\"mongo\",\n cluster=aws_ecs_cluster[\"foo\"][\"id\"],\n task_definition=aws_ecs_task_definition[\"mongo\"][\"arn\"],\n desired_count=3,\n iam_role=aws_iam_role[\"foo\"][\"arn\"],\n ordered_placement_strategies=[aws.ecs.ServiceOrderedPlacementStrategyArgs(\n type=\"binpack\",\n field=\"cpu\",\n )],\n load_balancers=[aws.ecs.ServiceLoadBalancerArgs(\n target_group_arn=aws_lb_target_group[\"foo\"][\"arn\"],\n container_name=\"mongo\",\n container_port=8080,\n )],\n placement_constraints=[aws.ecs.ServicePlacementConstraintArgs(\n type=\"memberOf\",\n expression=\"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_role_policy[\"foo\"]]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mongo = new Aws.Ecs.Service(\"mongo\", new()\n {\n Cluster = aws_ecs_cluster.Foo.Id,\n TaskDefinition = aws_ecs_task_definition.Mongo.Arn,\n DesiredCount = 3,\n IamRole = aws_iam_role.Foo.Arn,\n OrderedPlacementStrategies = new[]\n {\n new Aws.Ecs.Inputs.ServiceOrderedPlacementStrategyArgs\n {\n Type = \"binpack\",\n Field = \"cpu\",\n },\n },\n LoadBalancers = new[]\n {\n new Aws.Ecs.Inputs.ServiceLoadBalancerArgs\n {\n TargetGroupArn = aws_lb_target_group.Foo.Arn,\n ContainerName = \"mongo\",\n ContainerPort = 8080,\n },\n },\n PlacementConstraints = new[]\n {\n new Aws.Ecs.Inputs.ServicePlacementConstraintArgs\n {\n Type = \"memberOf\",\n Expression = \"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_role_policy.Foo,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"mongo\", \u0026ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Foo.Id),\n\t\t\tTaskDefinition: pulumi.Any(aws_ecs_task_definition.Mongo.Arn),\n\t\t\tDesiredCount: pulumi.Int(3),\n\t\t\tIamRole: pulumi.Any(aws_iam_role.Foo.Arn),\n\t\t\tOrderedPlacementStrategies: ecs.ServiceOrderedPlacementStrategyArray{\n\t\t\t\t\u0026ecs.ServiceOrderedPlacementStrategyArgs{\n\t\t\t\t\tType: pulumi.String(\"binpack\"),\n\t\t\t\t\tField: pulumi.String(\"cpu\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLoadBalancers: ecs.ServiceLoadBalancerArray{\n\t\t\t\t\u0026ecs.ServiceLoadBalancerArgs{\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Foo.Arn),\n\t\t\t\t\tContainerName: pulumi.String(\"mongo\"),\n\t\t\t\t\tContainerPort: pulumi.Int(8080),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPlacementConstraints: ecs.ServicePlacementConstraintArray{\n\t\t\t\t\u0026ecs.ServicePlacementConstraintArgs{\n\t\t\t\t\tType: pulumi.String(\"memberOf\"),\n\t\t\t\t\tExpression: pulumi.String(\"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_role_policy.Foo,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.Service;\nimport com.pulumi.aws.ecs.ServiceArgs;\nimport com.pulumi.aws.ecs.inputs.ServiceOrderedPlacementStrategyArgs;\nimport com.pulumi.aws.ecs.inputs.ServiceLoadBalancerArgs;\nimport com.pulumi.aws.ecs.inputs.ServicePlacementConstraintArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mongo = new Service(\"mongo\", ServiceArgs.builder() \n .cluster(aws_ecs_cluster.foo().id())\n .taskDefinition(aws_ecs_task_definition.mongo().arn())\n .desiredCount(3)\n .iamRole(aws_iam_role.foo().arn())\n .orderedPlacementStrategies(ServiceOrderedPlacementStrategyArgs.builder()\n .type(\"binpack\")\n .field(\"cpu\")\n .build())\n .loadBalancers(ServiceLoadBalancerArgs.builder()\n .targetGroupArn(aws_lb_target_group.foo().arn())\n .containerName(\"mongo\")\n .containerPort(8080)\n .build())\n .placementConstraints(ServicePlacementConstraintArgs.builder()\n .type(\"memberOf\")\n .expression(\"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(aws_iam_role_policy.foo())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mongo:\n type: aws:ecs:Service\n properties:\n cluster: ${aws_ecs_cluster.foo.id}\n taskDefinition: ${aws_ecs_task_definition.mongo.arn}\n desiredCount: 3\n iamRole: ${aws_iam_role.foo.arn}\n orderedPlacementStrategies:\n - type: binpack\n field: cpu\n loadBalancers:\n - targetGroupArn: ${aws_lb_target_group.foo.arn}\n containerName: mongo\n containerPort: 8080\n placementConstraints:\n - type: memberOf\n expression: attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\n options:\n dependson:\n - ${aws_iam_role_policy.foo}\n```\n{{% /example %}}\n{{% example %}}\n### Ignoring Changes to Desired Count\n\nYou can use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to create an ECS service with an initial count of running instances, then ignore any changes to that count caused externally (e.g. Application Autoscaling).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configurations ...\nconst example = new aws.ecs.Service(\"example\", {desiredCount: 2});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configurations ...\nexample = aws.ecs.Service(\"example\", desired_count=2)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configurations ...\n var example = new Aws.Ecs.Service(\"example\", new()\n {\n DesiredCount = 2,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"example\", \u0026ecs.ServiceArgs{\n\t\t\tDesiredCount: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.Service;\nimport com.pulumi.aws.ecs.ServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Service(\"example\", ServiceArgs.builder() \n .desiredCount(2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ecs:Service\n properties:\n # Example: Create service with 2 instances to start\n desiredCount: 2\n```\n{{% /example %}}\n{{% example %}}\n### Daemon Scheduling Strategy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.ecs.Service(\"bar\", {\n cluster: aws_ecs_cluster.foo.id,\n taskDefinition: aws_ecs_task_definition.bar.arn,\n schedulingStrategy: \"DAEMON\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.ecs.Service(\"bar\",\n cluster=aws_ecs_cluster[\"foo\"][\"id\"],\n task_definition=aws_ecs_task_definition[\"bar\"][\"arn\"],\n scheduling_strategy=\"DAEMON\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bar = new Aws.Ecs.Service(\"bar\", new()\n {\n Cluster = aws_ecs_cluster.Foo.Id,\n TaskDefinition = aws_ecs_task_definition.Bar.Arn,\n SchedulingStrategy = \"DAEMON\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"bar\", \u0026ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Foo.Id),\n\t\t\tTaskDefinition: pulumi.Any(aws_ecs_task_definition.Bar.Arn),\n\t\t\tSchedulingStrategy: pulumi.String(\"DAEMON\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.Service;\nimport com.pulumi.aws.ecs.ServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new Service(\"bar\", ServiceArgs.builder() \n .cluster(aws_ecs_cluster.foo().id())\n .taskDefinition(aws_ecs_task_definition.bar().arn())\n .schedulingStrategy(\"DAEMON\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bar:\n type: aws:ecs:Service\n properties:\n cluster: ${aws_ecs_cluster.foo.id}\n taskDefinition: ${aws_ecs_task_definition.bar.arn}\n schedulingStrategy: DAEMON\n```\n{{% /example %}}\n{{% example %}}\n### CloudWatch Deployment Alarms\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ecs.Service(\"example\", {\n cluster: aws_ecs_cluster.example.id,\n alarms: {\n enable: true,\n rollback: true,\n alarmNames: [aws_cloudwatch_metric_alarm.example.alarm_name],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ecs.Service(\"example\",\n cluster=aws_ecs_cluster[\"example\"][\"id\"],\n alarms=aws.ecs.ServiceAlarmsArgs(\n enable=True,\n rollback=True,\n alarm_names=[aws_cloudwatch_metric_alarm[\"example\"][\"alarm_name\"]],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ecs.Service(\"example\", new()\n {\n Cluster = aws_ecs_cluster.Example.Id,\n Alarms = new Aws.Ecs.Inputs.ServiceAlarmsArgs\n {\n Enable = true,\n Rollback = true,\n AlarmNames = new[]\n {\n aws_cloudwatch_metric_alarm.Example.Alarm_name,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"example\", \u0026ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Example.Id),\n\t\t\tAlarms: \u0026ecs.ServiceAlarmsArgs{\n\t\t\t\tEnable: pulumi.Bool(true),\n\t\t\t\tRollback: pulumi.Bool(true),\n\t\t\t\tAlarmNames: pulumi.StringArray{\n\t\t\t\t\taws_cloudwatch_metric_alarm.Example.Alarm_name,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.Service;\nimport com.pulumi.aws.ecs.ServiceArgs;\nimport com.pulumi.aws.ecs.inputs.ServiceAlarmsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Service(\"example\", ServiceArgs.builder() \n .cluster(aws_ecs_cluster.example().id())\n .alarms(ServiceAlarmsArgs.builder()\n .enable(true)\n .rollback(true)\n .alarmNames(aws_cloudwatch_metric_alarm.example().alarm_name())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ecs:Service\n properties:\n cluster: ${aws_ecs_cluster.example.id}\n alarms:\n enable: true\n rollback: true\n alarmNames:\n - ${aws_cloudwatch_metric_alarm.example.alarm_name}\n```\n{{% /example %}}\n{{% example %}}\n### External Deployment Controller\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ecs.Service(\"example\", {\n cluster: aws_ecs_cluster.example.id,\n deploymentController: {\n type: \"EXTERNAL\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ecs.Service(\"example\",\n cluster=aws_ecs_cluster[\"example\"][\"id\"],\n deployment_controller=aws.ecs.ServiceDeploymentControllerArgs(\n type=\"EXTERNAL\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ecs.Service(\"example\", new()\n {\n Cluster = aws_ecs_cluster.Example.Id,\n DeploymentController = new Aws.Ecs.Inputs.ServiceDeploymentControllerArgs\n {\n Type = \"EXTERNAL\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"example\", \u0026ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Example.Id),\n\t\t\tDeploymentController: \u0026ecs.ServiceDeploymentControllerArgs{\n\t\t\t\tType: pulumi.String(\"EXTERNAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.Service;\nimport com.pulumi.aws.ecs.ServiceArgs;\nimport com.pulumi.aws.ecs.inputs.ServiceDeploymentControllerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Service(\"example\", ServiceArgs.builder() \n .cluster(aws_ecs_cluster.example().id())\n .deploymentController(ServiceDeploymentControllerArgs.builder()\n .type(\"EXTERNAL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ecs:Service\n properties:\n cluster: ${aws_ecs_cluster.example.id}\n deploymentController:\n type: EXTERNAL\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import ECS services using the `name` together with ecs cluster `name`. For example:\n\n```sh\n $ pulumi import aws:ecs/service:Service imported cluster-name/service-name\n```\n ", + "description": "\u003e **Note:** To prevent a race condition during service deletion, make sure to set `depends_on` to the related `aws.iam.RolePolicy`; otherwise, the policy may be destroyed too soon and the ECS service will then get stuck in the `DRAINING` state.\n\nProvides an ECS service - effectively a task that is expected to run until an error occurs or a user terminates it (typically a webserver or a database).\n\nSee [ECS Services section in AWS developer guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mongo = new aws.ecs.Service(\"mongo\", {\n cluster: aws_ecs_cluster.foo.id,\n taskDefinition: aws_ecs_task_definition.mongo.arn,\n desiredCount: 3,\n iamRole: aws_iam_role.foo.arn,\n orderedPlacementStrategies: [{\n type: \"binpack\",\n field: \"cpu\",\n }],\n loadBalancers: [{\n targetGroupArn: aws_lb_target_group.foo.arn,\n containerName: \"mongo\",\n containerPort: 8080,\n }],\n placementConstraints: [{\n type: \"memberOf\",\n expression: \"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n }],\n}, {\n dependsOn: [aws_iam_role_policy.foo],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmongo = aws.ecs.Service(\"mongo\",\n cluster=aws_ecs_cluster[\"foo\"][\"id\"],\n task_definition=aws_ecs_task_definition[\"mongo\"][\"arn\"],\n desired_count=3,\n iam_role=aws_iam_role[\"foo\"][\"arn\"],\n ordered_placement_strategies=[aws.ecs.ServiceOrderedPlacementStrategyArgs(\n type=\"binpack\",\n field=\"cpu\",\n )],\n load_balancers=[aws.ecs.ServiceLoadBalancerArgs(\n target_group_arn=aws_lb_target_group[\"foo\"][\"arn\"],\n container_name=\"mongo\",\n container_port=8080,\n )],\n placement_constraints=[aws.ecs.ServicePlacementConstraintArgs(\n type=\"memberOf\",\n expression=\"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_role_policy[\"foo\"]]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var mongo = new Aws.Ecs.Service(\"mongo\", new()\n {\n Cluster = aws_ecs_cluster.Foo.Id,\n TaskDefinition = aws_ecs_task_definition.Mongo.Arn,\n DesiredCount = 3,\n IamRole = aws_iam_role.Foo.Arn,\n OrderedPlacementStrategies = new[]\n {\n new Aws.Ecs.Inputs.ServiceOrderedPlacementStrategyArgs\n {\n Type = \"binpack\",\n Field = \"cpu\",\n },\n },\n LoadBalancers = new[]\n {\n new Aws.Ecs.Inputs.ServiceLoadBalancerArgs\n {\n TargetGroupArn = aws_lb_target_group.Foo.Arn,\n ContainerName = \"mongo\",\n ContainerPort = 8080,\n },\n },\n PlacementConstraints = new[]\n {\n new Aws.Ecs.Inputs.ServicePlacementConstraintArgs\n {\n Type = \"memberOf\",\n Expression = \"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_role_policy.Foo,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"mongo\", \u0026ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Foo.Id),\n\t\t\tTaskDefinition: pulumi.Any(aws_ecs_task_definition.Mongo.Arn),\n\t\t\tDesiredCount: pulumi.Int(3),\n\t\t\tIamRole: pulumi.Any(aws_iam_role.Foo.Arn),\n\t\t\tOrderedPlacementStrategies: ecs.ServiceOrderedPlacementStrategyArray{\n\t\t\t\t\u0026ecs.ServiceOrderedPlacementStrategyArgs{\n\t\t\t\t\tType: pulumi.String(\"binpack\"),\n\t\t\t\t\tField: pulumi.String(\"cpu\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLoadBalancers: ecs.ServiceLoadBalancerArray{\n\t\t\t\t\u0026ecs.ServiceLoadBalancerArgs{\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Foo.Arn),\n\t\t\t\t\tContainerName: pulumi.String(\"mongo\"),\n\t\t\t\t\tContainerPort: pulumi.Int(8080),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPlacementConstraints: ecs.ServicePlacementConstraintArray{\n\t\t\t\t\u0026ecs.ServicePlacementConstraintArgs{\n\t\t\t\t\tType: pulumi.String(\"memberOf\"),\n\t\t\t\t\tExpression: pulumi.String(\"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_role_policy.Foo,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.Service;\nimport com.pulumi.aws.ecs.ServiceArgs;\nimport com.pulumi.aws.ecs.inputs.ServiceOrderedPlacementStrategyArgs;\nimport com.pulumi.aws.ecs.inputs.ServiceLoadBalancerArgs;\nimport com.pulumi.aws.ecs.inputs.ServicePlacementConstraintArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mongo = new Service(\"mongo\", ServiceArgs.builder() \n .cluster(aws_ecs_cluster.foo().id())\n .taskDefinition(aws_ecs_task_definition.mongo().arn())\n .desiredCount(3)\n .iamRole(aws_iam_role.foo().arn())\n .orderedPlacementStrategies(ServiceOrderedPlacementStrategyArgs.builder()\n .type(\"binpack\")\n .field(\"cpu\")\n .build())\n .loadBalancers(ServiceLoadBalancerArgs.builder()\n .targetGroupArn(aws_lb_target_group.foo().arn())\n .containerName(\"mongo\")\n .containerPort(8080)\n .build())\n .placementConstraints(ServicePlacementConstraintArgs.builder()\n .type(\"memberOf\")\n .expression(\"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(aws_iam_role_policy.foo())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mongo:\n type: aws:ecs:Service\n properties:\n cluster: ${aws_ecs_cluster.foo.id}\n taskDefinition: ${aws_ecs_task_definition.mongo.arn}\n desiredCount: 3\n iamRole: ${aws_iam_role.foo.arn}\n orderedPlacementStrategies:\n - type: binpack\n field: cpu\n loadBalancers:\n - targetGroupArn: ${aws_lb_target_group.foo.arn}\n containerName: mongo\n containerPort: 8080\n placementConstraints:\n - type: memberOf\n expression: attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\n options:\n dependson:\n - ${aws_iam_role_policy.foo}\n```\n{{% /example %}}\n{{% example %}}\n### Ignoring Changes to Desired Count\n\nYou can use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to create an ECS service with an initial count of running instances, then ignore any changes to that count caused externally (e.g. Application Autoscaling).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configurations ...\nconst example = new aws.ecs.Service(\"example\", {desiredCount: 2});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configurations ...\nexample = aws.ecs.Service(\"example\", desired_count=2)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configurations ...\n var example = new Aws.Ecs.Service(\"example\", new()\n {\n DesiredCount = 2,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configurations ...\n\t\t_, err := ecs.NewService(ctx, \"example\", \u0026ecs.ServiceArgs{\n\t\t\tDesiredCount: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.Service;\nimport com.pulumi.aws.ecs.ServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Service(\"example\", ServiceArgs.builder() \n .desiredCount(2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ecs:Service\n properties:\n # Example: Create service with 2 instances to start\n desiredCount: 2\n```\n{{% /example %}}\n{{% example %}}\n### Daemon Scheduling Strategy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.ecs.Service(\"bar\", {\n cluster: aws_ecs_cluster.foo.id,\n taskDefinition: aws_ecs_task_definition.bar.arn,\n schedulingStrategy: \"DAEMON\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.ecs.Service(\"bar\",\n cluster=aws_ecs_cluster[\"foo\"][\"id\"],\n task_definition=aws_ecs_task_definition[\"bar\"][\"arn\"],\n scheduling_strategy=\"DAEMON\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bar = new Aws.Ecs.Service(\"bar\", new()\n {\n Cluster = aws_ecs_cluster.Foo.Id,\n TaskDefinition = aws_ecs_task_definition.Bar.Arn,\n SchedulingStrategy = \"DAEMON\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"bar\", \u0026ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Foo.Id),\n\t\t\tTaskDefinition: pulumi.Any(aws_ecs_task_definition.Bar.Arn),\n\t\t\tSchedulingStrategy: pulumi.String(\"DAEMON\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.Service;\nimport com.pulumi.aws.ecs.ServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new Service(\"bar\", ServiceArgs.builder() \n .cluster(aws_ecs_cluster.foo().id())\n .taskDefinition(aws_ecs_task_definition.bar().arn())\n .schedulingStrategy(\"DAEMON\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bar:\n type: aws:ecs:Service\n properties:\n cluster: ${aws_ecs_cluster.foo.id}\n taskDefinition: ${aws_ecs_task_definition.bar.arn}\n schedulingStrategy: DAEMON\n```\n{{% /example %}}\n{{% example %}}\n### CloudWatch Deployment Alarms\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ecs.Service(\"example\", {\n cluster: aws_ecs_cluster.example.id,\n alarms: {\n enable: true,\n rollback: true,\n alarmNames: [aws_cloudwatch_metric_alarm.example.alarm_name],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ecs.Service(\"example\",\n cluster=aws_ecs_cluster[\"example\"][\"id\"],\n alarms=aws.ecs.ServiceAlarmsArgs(\n enable=True,\n rollback=True,\n alarm_names=[aws_cloudwatch_metric_alarm[\"example\"][\"alarm_name\"]],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ecs.Service(\"example\", new()\n {\n Cluster = aws_ecs_cluster.Example.Id,\n Alarms = new Aws.Ecs.Inputs.ServiceAlarmsArgs\n {\n Enable = true,\n Rollback = true,\n AlarmNames = new[]\n {\n aws_cloudwatch_metric_alarm.Example.Alarm_name,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"example\", \u0026ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Example.Id),\n\t\t\tAlarms: \u0026ecs.ServiceAlarmsArgs{\n\t\t\t\tEnable: pulumi.Bool(true),\n\t\t\t\tRollback: pulumi.Bool(true),\n\t\t\t\tAlarmNames: pulumi.StringArray{\n\t\t\t\t\taws_cloudwatch_metric_alarm.Example.Alarm_name,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.Service;\nimport com.pulumi.aws.ecs.ServiceArgs;\nimport com.pulumi.aws.ecs.inputs.ServiceAlarmsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Service(\"example\", ServiceArgs.builder() \n .cluster(aws_ecs_cluster.example().id())\n .alarms(ServiceAlarmsArgs.builder()\n .enable(true)\n .rollback(true)\n .alarmNames(aws_cloudwatch_metric_alarm.example().alarm_name())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ecs:Service\n properties:\n cluster: ${aws_ecs_cluster.example.id}\n alarms:\n enable: true\n rollback: true\n alarmNames:\n - ${aws_cloudwatch_metric_alarm.example.alarm_name}\n```\n{{% /example %}}\n{{% example %}}\n### External Deployment Controller\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ecs.Service(\"example\", {\n cluster: aws_ecs_cluster.example.id,\n deploymentController: {\n type: \"EXTERNAL\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ecs.Service(\"example\",\n cluster=aws_ecs_cluster[\"example\"][\"id\"],\n deployment_controller=aws.ecs.ServiceDeploymentControllerArgs(\n type=\"EXTERNAL\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ecs.Service(\"example\", new()\n {\n Cluster = aws_ecs_cluster.Example.Id,\n DeploymentController = new Aws.Ecs.Inputs.ServiceDeploymentControllerArgs\n {\n Type = \"EXTERNAL\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"example\", \u0026ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Example.Id),\n\t\t\tDeploymentController: \u0026ecs.ServiceDeploymentControllerArgs{\n\t\t\t\tType: pulumi.String(\"EXTERNAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.Service;\nimport com.pulumi.aws.ecs.ServiceArgs;\nimport com.pulumi.aws.ecs.inputs.ServiceDeploymentControllerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Service(\"example\", ServiceArgs.builder() \n .cluster(aws_ecs_cluster.example().id())\n .deploymentController(ServiceDeploymentControllerArgs.builder()\n .type(\"EXTERNAL\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ecs:Service\n properties:\n cluster: ${aws_ecs_cluster.example.id}\n deploymentController:\n type: EXTERNAL\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import ECS services using the `name` together with ecs cluster `name`. For example:\n\n```sh\n $ pulumi import aws:ecs/service:Service imported cluster-name/service-name\n```\n ", "properties": { "alarms": { "$ref": "#/types/aws:ecs/ServiceAlarms:ServiceAlarms", @@ -228343,7 +228343,7 @@ } }, "aws:eks/cluster:Cluster": { - "description": "Manages an EKS Cluster.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nexport = async () =\u003e {\n const example = new aws.eks.Cluster(\"example\", {\n roleArn: aws_iam_role.example.arn,\n vpcConfig: {\n subnetIds: [\n aws_subnet.example1.id,\n aws_subnet.example2.id,\n ],\n },\n }, {\n dependsOn: [\n aws_iam_role_policy_attachment[\"example-AmazonEKSClusterPolicy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEKSVPCResourceController\"],\n ],\n });\n return {\n endpoint: example.endpoint,\n \"kubeconfig-certificate-authority-data\": example.certificateAuthority.apply(certificateAuthority =\u003e certificateAuthority.data),\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.eks.Cluster(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n subnet_ids=[\n aws_subnet[\"example1\"][\"id\"],\n aws_subnet[\"example2\"][\"id\"],\n ],\n ),\n opts=pulumi.ResourceOptions(depends_on=[\n aws_iam_role_policy_attachment[\"example-AmazonEKSClusterPolicy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEKSVPCResourceController\"],\n ]))\npulumi.export(\"endpoint\", example.endpoint)\npulumi.export(\"kubeconfig-certificate-authority-data\", example.certificate_authority.data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Eks.Cluster(\"example\", new()\n {\n RoleArn = aws_iam_role.Example.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n SubnetIds = new[]\n {\n aws_subnet.Example1.Id,\n aws_subnet.Example2.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_role_policy_attachment.Example_AmazonEKSClusterPolicy,\n aws_iam_role_policy_attachment.Example_AmazonEKSVPCResourceController,\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"endpoint\"] = example.Endpoint,\n [\"kubeconfig-certificate-authority-data\"] = example.CertificateAuthority.Apply(certificateAuthority =\u003e certificateAuthority.Data),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\taws_subnet.Example1.Id,\n\t\t\t\t\taws_subnet.Example2.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_role_policy_attachment.ExampleAmazonEKSClusterPolicy,\n\t\t\taws_iam_role_policy_attachment.ExampleAmazonEKSVPCResourceController,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"endpoint\", example.Endpoint)\n\t\tctx.Export(\"kubeconfig-certificate-authority-data\", example.CertificateAuthority.ApplyT(func(certificateAuthority eks.ClusterCertificateAuthority) (*string, error) {\n\t\t\treturn \u0026certificateAuthority.Data, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .roleArn(aws_iam_role.example().arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .subnetIds( \n aws_subnet.example1().id(),\n aws_subnet.example2().id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy(),\n aws_iam_role_policy_attachment.example-AmazonEKSVPCResourceController())\n .build());\n\n ctx.export(\"endpoint\", example.endpoint());\n ctx.export(\"kubeconfig-certificate-authority-data\", example.certificateAuthority().applyValue(certificateAuthority -\u003e certificateAuthority.data()));\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n roleArn: ${aws_iam_role.example.arn}\n vpcConfig:\n subnetIds:\n - ${aws_subnet.example1.id}\n - ${aws_subnet.example2.id}\n options:\n dependson:\n - ${aws_iam_role_policy_attachment\"example-AmazonEKSClusterPolicy\"[%!s(MISSING)]}\n - ${aws_iam_role_policy_attachment\"example-AmazonEKSVPCResourceController\"[%!s(MISSING)]}\noutputs:\n endpoint: ${example.endpoint}\n kubeconfig-certificate-authority-data: ${example.certificateAuthority.data}\n```\n{{% /example %}}\n{{% example %}}\n### Example IAM Role for EKS Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"eks.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst example_AmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role: example.name,\n});\n// Optionally, enable Security Groups for Pods\n// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\nconst example_AmazonEKSVPCResourceController = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"eks.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample = aws.iam.Role(\"example\", assume_role_policy=assume_role.json)\nexample__amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role=example.name)\n# Optionally, enable Security Groups for Pods\n# Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\nexample__amazon_eksvpc_resource_controller = aws.iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n role=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"eks.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example_AmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n Role = example.Name,\n });\n\n // Optionally, enable Security Groups for Pods\n // Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n var example_AmazonEKSVPCResourceController = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n Role = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"eks.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSClusterPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSVPCResourceController\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"eks.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example_AmazonEKSClusterPolicy = new RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\")\n .role(example.name())\n .build());\n\n var example_AmazonEKSVPCResourceController = new RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\")\n .role(example.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n example-AmazonEKSClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n role: ${example.name}\n # Optionally, enable Security Groups for Pods\n # Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n example-AmazonEKSVPCResourceController:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\n role: ${example.name}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - eks.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n{{% /example %}}\n{{% example %}}\n### Enabling Control Plane Logging\n\n[EKS Control Plane Logging](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) can be enabled via the `enabled_cluster_log_types` argument. To manage the CloudWatch Log Group retention period, the `aws.cloudwatch.LogGroup` resource can be used.\n\n\u003e The below configuration uses [`dependsOn`](https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson) to prevent ordering issues with EKS automatically creating the log group first and a variable for naming consistency. Other ordering and naming methodologies may be more appropriate for your environment.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst clusterName = config.get(\"clusterName\") || \"example\";\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {retentionInDays: 7});\n// ... potentially other configuration ...\nconst exampleCluster = new aws.eks.Cluster(\"exampleCluster\", {enabledClusterLogTypes: [\n \"api\",\n \"audit\",\n]}, {\n dependsOn: [exampleLogGroup],\n});\n// ... other configuration ...\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ncluster_name = config.get(\"clusterName\")\nif cluster_name is None:\n cluster_name = \"example\"\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\", retention_in_days=7)\n# ... potentially other configuration ...\nexample_cluster = aws.eks.Cluster(\"exampleCluster\", enabled_cluster_log_types=[\n \"api\",\n \"audit\",\n],\nopts=pulumi.ResourceOptions(depends_on=[example_log_group]))\n# ... other configuration ...\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var clusterName = config.Get(\"clusterName\") ?? \"example\";\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new()\n {\n RetentionInDays = 7,\n });\n\n // ... potentially other configuration ...\n var exampleCluster = new Aws.Eks.Cluster(\"exampleCluster\", new()\n {\n EnabledClusterLogTypes = new[]\n {\n \"api\",\n \"audit\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleLogGroup,\n },\n });\n\n // ... other configuration ...\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tclusterName := \"example\"\n\t\tif param := cfg.Get(\"clusterName\"); param != \"\" {\n\t\t\tclusterName = param\n\t\t}\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"exampleCluster\", \u0026eks.ClusterArgs{\n\t\t\tEnabledClusterLogTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"api\"),\n\t\t\t\tpulumi.String(\"audit\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleLogGroup,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var clusterName = config.get(\"clusterName\").orElse(\"example\");\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .retentionInDays(7)\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .enabledClusterLogTypes( \n \"api\",\n \"audit\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleLogGroup)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n clusterName:\n type: string\n default: example\nresources:\n exampleCluster:\n type: aws:eks:Cluster\n properties:\n enabledClusterLogTypes:\n - api\n - audit\n options:\n dependson:\n - ${exampleLogGroup}\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n properties:\n retentionInDays: 7\n```\n{{% /example %}}\n{{% example %}}\n### EKS Cluster on AWS Outpost\n\n[Creating a local Amazon EKS cluster on an AWS Outpost](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster-outpost.html)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: data.aws_iam_policy_document.example_assume_role_policy.json});\nconst exampleCluster = new aws.eks.Cluster(\"exampleCluster\", {\n roleArn: exampleRole.arn,\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: false,\n },\n outpostConfig: {\n controlPlaneInstanceType: \"m5d.large\",\n outpostArns: [data.aws_outposts_outpost.example.arn],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=data[\"aws_iam_policy_document\"][\"example_assume_role_policy\"][\"json\"])\nexample_cluster = aws.eks.Cluster(\"exampleCluster\",\n role_arn=example_role.arn,\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n endpoint_private_access=True,\n endpoint_public_access=False,\n ),\n outpost_config=aws.eks.ClusterOutpostConfigArgs(\n control_plane_instance_type=\"m5d.large\",\n outpost_arns=[data[\"aws_outposts_outpost\"][\"example\"][\"arn\"]],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new()\n {\n AssumeRolePolicy = data.Aws_iam_policy_document.Example_assume_role_policy.Json,\n });\n\n var exampleCluster = new Aws.Eks.Cluster(\"exampleCluster\", new()\n {\n RoleArn = exampleRole.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = false,\n },\n OutpostConfig = new Aws.Eks.Inputs.ClusterOutpostConfigArgs\n {\n ControlPlaneInstanceType = \"m5d.large\",\n OutpostArns = new[]\n {\n data.Aws_outposts_outpost.Example.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(data.Aws_iam_policy_document.Example_assume_role_policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"exampleCluster\", \u0026eks.ClusterArgs{\n\t\t\tRoleArn: exampleRole.Arn,\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(false),\n\t\t\t},\n\t\t\tOutpostConfig: \u0026eks.ClusterOutpostConfigArgs{\n\t\t\t\tControlPlaneInstanceType: pulumi.String(\"m5d.large\"),\n\t\t\t\tOutpostArns: pulumi.StringArray{\n\t\t\t\t\tdata.Aws_outposts_outpost.Example.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterOutpostConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(data.aws_iam_policy_document().example_assume_role_policy().json())\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .roleArn(exampleRole.arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(false)\n .build())\n .outpostConfig(ClusterOutpostConfigArgs.builder()\n .controlPlaneInstanceType(\"m5d.large\")\n .outpostArns(data.aws_outposts_outpost().example().arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${data.aws_iam_policy_document.example_assume_role_policy.json}\n exampleCluster:\n type: aws:eks:Cluster\n properties:\n roleArn: ${exampleRole.arn}\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: false\n outpostConfig:\n controlPlaneInstanceType: m5d.large\n outpostArns:\n - ${data.aws_outposts_outpost.example.arn}\n```\n{{% /example %}}\n{{% example %}}\n### EKS Cluster with Access Config\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: data.aws_iam_policy_document.example_assume_role_policy.json});\nconst exampleCluster = new aws.eks.Cluster(\"exampleCluster\", {\n roleArn: exampleRole.arn,\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: false,\n },\n accessConfig: {\n authenticationMode: \"CONFIG_MAP\",\n bootstrapClusterCreatorAdminPermissions: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=data[\"aws_iam_policy_document\"][\"example_assume_role_policy\"][\"json\"])\nexample_cluster = aws.eks.Cluster(\"exampleCluster\",\n role_arn=example_role.arn,\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n endpoint_private_access=True,\n endpoint_public_access=False,\n ),\n access_config=aws.eks.ClusterAccessConfigArgs(\n authentication_mode=\"CONFIG_MAP\",\n bootstrap_cluster_creator_admin_permissions=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new()\n {\n AssumeRolePolicy = data.Aws_iam_policy_document.Example_assume_role_policy.Json,\n });\n\n var exampleCluster = new Aws.Eks.Cluster(\"exampleCluster\", new()\n {\n RoleArn = exampleRole.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = false,\n },\n AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs\n {\n AuthenticationMode = \"CONFIG_MAP\",\n BootstrapClusterCreatorAdminPermissions = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(data.Aws_iam_policy_document.Example_assume_role_policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"exampleCluster\", \u0026eks.ClusterArgs{\n\t\t\tRoleArn: exampleRole.Arn,\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(false),\n\t\t\t},\n\t\t\tAccessConfig: \u0026eks.ClusterAccessConfigArgs{\n\t\t\t\tAuthenticationMode: pulumi.String(\"CONFIG_MAP\"),\n\t\t\t\tBootstrapClusterCreatorAdminPermissions: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(data.aws_iam_policy_document().example_assume_role_policy().json())\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .roleArn(exampleRole.arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(false)\n .build())\n .accessConfig(ClusterAccessConfigArgs.builder()\n .authenticationMode(\"CONFIG_MAP\")\n .bootstrapClusterCreatorAdminPermissions(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${data.aws_iam_policy_document.example_assume_role_policy.json}\n exampleCluster:\n type: aws:eks:Cluster\n properties:\n roleArn: ${exampleRole.arn}\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: false\n accessConfig:\n authenticationMode: CONFIG_MAP\n bootstrapClusterCreatorAdminPermissions: true\n```\n\nAfter adding inline IAM Policies (e.g., `aws.iam.RolePolicy` resource) or attaching IAM Policies (e.g., `aws.iam.Policy` resource and `aws.iam.RolePolicyAttachment` resource) with the desired permissions to the IAM Role, annotate the Kubernetes service account (e.g., `kubernetes_service_account` resource) and recreate any pods.\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import EKS Clusters using the `name`. For example:\n\n```sh\n $ pulumi import aws:eks/cluster:Cluster my_cluster my_cluster\n```\n ", + "description": "Manages an EKS Cluster.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nexport = async () =\u003e {\n const example = new aws.eks.Cluster(\"example\", {\n roleArn: aws_iam_role.example.arn,\n vpcConfig: {\n subnetIds: [\n aws_subnet.example1.id,\n aws_subnet.example2.id,\n ],\n },\n }, {\n dependsOn: [\n aws_iam_role_policy_attachment[\"example-AmazonEKSClusterPolicy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEKSVPCResourceController\"],\n ],\n });\n return {\n endpoint: example.endpoint,\n \"kubeconfig-certificate-authority-data\": example.certificateAuthority.apply(certificateAuthority =\u003e certificateAuthority.data),\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.eks.Cluster(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n subnet_ids=[\n aws_subnet[\"example1\"][\"id\"],\n aws_subnet[\"example2\"][\"id\"],\n ],\n ),\n opts=pulumi.ResourceOptions(depends_on=[\n aws_iam_role_policy_attachment[\"example-AmazonEKSClusterPolicy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEKSVPCResourceController\"],\n ]))\npulumi.export(\"endpoint\", example.endpoint)\npulumi.export(\"kubeconfig-certificate-authority-data\", example.certificate_authority.data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Eks.Cluster(\"example\", new()\n {\n RoleArn = aws_iam_role.Example.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n SubnetIds = new[]\n {\n aws_subnet.Example1.Id,\n aws_subnet.Example2.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_role_policy_attachment.Example_AmazonEKSClusterPolicy,\n aws_iam_role_policy_attachment.Example_AmazonEKSVPCResourceController,\n },\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"endpoint\"] = example.Endpoint,\n [\"kubeconfig-certificate-authority-data\"] = example.CertificateAuthority.Apply(certificateAuthority =\u003e certificateAuthority.Data),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := eks.NewCluster(ctx, \"example\", \u0026eks.ClusterArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\taws_subnet.Example1.Id,\n\t\t\t\t\taws_subnet.Example2.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_role_policy_attachment.ExampleAmazonEKSClusterPolicy,\n\t\t\taws_iam_role_policy_attachment.ExampleAmazonEKSVPCResourceController,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"endpoint\", example.Endpoint)\n\t\tctx.Export(\"kubeconfig-certificate-authority-data\", example.CertificateAuthority.ApplyT(func(certificateAuthority eks.ClusterCertificateAuthority) (*string, error) {\n\t\t\treturn \u0026certificateAuthority.Data, nil\n\t\t}).(pulumi.StringPtrOutput))\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .roleArn(aws_iam_role.example().arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .subnetIds( \n aws_subnet.example1().id(),\n aws_subnet.example2().id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy(),\n aws_iam_role_policy_attachment.example-AmazonEKSVPCResourceController())\n .build());\n\n ctx.export(\"endpoint\", example.endpoint());\n ctx.export(\"kubeconfig-certificate-authority-data\", example.certificateAuthority().applyValue(certificateAuthority -\u003e certificateAuthority.data()));\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:eks:Cluster\n properties:\n roleArn: ${aws_iam_role.example.arn}\n vpcConfig:\n subnetIds:\n - ${aws_subnet.example1.id}\n - ${aws_subnet.example2.id}\n options:\n dependson:\n - ${aws_iam_role_policy_attachment\"example-AmazonEKSClusterPolicy\"[%!s(MISSING)]}\n - ${aws_iam_role_policy_attachment\"example-AmazonEKSVPCResourceController\"[%!s(MISSING)]}\noutputs:\n endpoint: ${example.endpoint}\n kubeconfig-certificate-authority-data: ${example.certificateAuthority.data}\n```\n{{% /example %}}\n{{% example %}}\n### Example IAM Role for EKS Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"eks.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst example_AmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role: example.name,\n});\n// Optionally, enable Security Groups for Pods\n// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\nconst example_AmazonEKSVPCResourceController = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"eks.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nexample = aws.iam.Role(\"example\", assume_role_policy=assume_role.json)\nexample__amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role=example.name)\n# Optionally, enable Security Groups for Pods\n# Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\nexample__amazon_eksvpc_resource_controller = aws.iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n role=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"eks.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var example_AmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n Role = example.Name,\n });\n\n // Optionally, enable Security Groups for Pods\n // Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n var example_AmazonEKSVPCResourceController = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n Role = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"eks.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSClusterPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Optionally, enable Security Groups for Pods\n\t\t// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSVPCResourceController\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"eks.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var example_AmazonEKSClusterPolicy = new RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\")\n .role(example.name())\n .build());\n\n var example_AmazonEKSVPCResourceController = new RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\")\n .role(example.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n example-AmazonEKSClusterPolicy:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\n role: ${example.name}\n # Optionally, enable Security Groups for Pods\n # Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n example-AmazonEKSVPCResourceController:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\n role: ${example.name}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - eks.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n{{% /example %}}\n{{% example %}}\n### Enabling Control Plane Logging\n\n[EKS Control Plane Logging](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) can be enabled via the `enabled_cluster_log_types` argument. To manage the CloudWatch Log Group retention period, the `aws.cloudwatch.LogGroup` resource can be used.\n\n\u003e The below configuration uses [`dependsOn`](https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson) to prevent ordering issues with EKS automatically creating the log group first and a variable for naming consistency. Other ordering and naming methodologies may be more appropriate for your environment.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst clusterName = config.get(\"clusterName\") || \"example\";\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {retentionInDays: 7});\n// ... potentially other configuration ...\nconst exampleCluster = new aws.eks.Cluster(\"exampleCluster\", {enabledClusterLogTypes: [\n \"api\",\n \"audit\",\n]}, {\n dependsOn: [exampleLogGroup],\n});\n// ... other configuration ...\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ncluster_name = config.get(\"clusterName\")\nif cluster_name is None:\n cluster_name = \"example\"\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\", retention_in_days=7)\n# ... potentially other configuration ...\nexample_cluster = aws.eks.Cluster(\"exampleCluster\", enabled_cluster_log_types=[\n \"api\",\n \"audit\",\n],\nopts=pulumi.ResourceOptions(depends_on=[example_log_group]))\n# ... other configuration ...\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var clusterName = config.Get(\"clusterName\") ?? \"example\";\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new()\n {\n RetentionInDays = 7,\n });\n\n // ... potentially other configuration ...\n var exampleCluster = new Aws.Eks.Cluster(\"exampleCluster\", new()\n {\n EnabledClusterLogTypes = new[]\n {\n \"api\",\n \"audit\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleLogGroup,\n },\n });\n\n // ... other configuration ...\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tclusterName := \"example\"\n\t\tif param := cfg.Get(\"clusterName\"); param != \"\" {\n\t\t\tclusterName = param\n\t\t}\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"exampleCluster\", \u0026eks.ClusterArgs{\n\t\t\tEnabledClusterLogTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"api\"),\n\t\t\t\tpulumi.String(\"audit\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleLogGroup,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var clusterName = config.get(\"clusterName\").orElse(\"example\");\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .retentionInDays(7)\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .enabledClusterLogTypes( \n \"api\",\n \"audit\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleLogGroup)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n clusterName:\n type: string\n default: example\nresources:\n exampleCluster:\n type: aws:eks:Cluster\n properties:\n enabledClusterLogTypes:\n - api\n - audit\n options:\n dependson:\n - ${exampleLogGroup}\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n properties:\n retentionInDays: 7\n```\n{{% /example %}}\n{{% example %}}\n### EKS Cluster on AWS Outpost\n\n[Creating a local Amazon EKS cluster on an AWS Outpost](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster-outpost.html)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: data.aws_iam_policy_document.example_assume_role_policy.json});\nconst exampleCluster = new aws.eks.Cluster(\"exampleCluster\", {\n roleArn: exampleRole.arn,\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: false,\n },\n outpostConfig: {\n controlPlaneInstanceType: \"m5d.large\",\n outpostArns: [data.aws_outposts_outpost.example.arn],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=data[\"aws_iam_policy_document\"][\"example_assume_role_policy\"][\"json\"])\nexample_cluster = aws.eks.Cluster(\"exampleCluster\",\n role_arn=example_role.arn,\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n endpoint_private_access=True,\n endpoint_public_access=False,\n ),\n outpost_config=aws.eks.ClusterOutpostConfigArgs(\n control_plane_instance_type=\"m5d.large\",\n outpost_arns=[data[\"aws_outposts_outpost\"][\"example\"][\"arn\"]],\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new()\n {\n AssumeRolePolicy = data.Aws_iam_policy_document.Example_assume_role_policy.Json,\n });\n\n var exampleCluster = new Aws.Eks.Cluster(\"exampleCluster\", new()\n {\n RoleArn = exampleRole.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = false,\n },\n OutpostConfig = new Aws.Eks.Inputs.ClusterOutpostConfigArgs\n {\n ControlPlaneInstanceType = \"m5d.large\",\n OutpostArns = new[]\n {\n data.Aws_outposts_outpost.Example.Arn,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(data.Aws_iam_policy_document.Example_assume_role_policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"exampleCluster\", \u0026eks.ClusterArgs{\n\t\t\tRoleArn: exampleRole.Arn,\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(false),\n\t\t\t},\n\t\t\tOutpostConfig: \u0026eks.ClusterOutpostConfigArgs{\n\t\t\t\tControlPlaneInstanceType: pulumi.String(\"m5d.large\"),\n\t\t\t\tOutpostArns: pulumi.StringArray{\n\t\t\t\t\tdata.Aws_outposts_outpost.Example.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterOutpostConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(data.aws_iam_policy_document().example_assume_role_policy().json())\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .roleArn(exampleRole.arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(false)\n .build())\n .outpostConfig(ClusterOutpostConfigArgs.builder()\n .controlPlaneInstanceType(\"m5d.large\")\n .outpostArns(data.aws_outposts_outpost().example().arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${data.aws_iam_policy_document.example_assume_role_policy.json}\n exampleCluster:\n type: aws:eks:Cluster\n properties:\n roleArn: ${exampleRole.arn}\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: false\n outpostConfig:\n controlPlaneInstanceType: m5d.large\n outpostArns:\n - ${data.aws_outposts_outpost.example.arn}\n```\n{{% /example %}}\n{{% example %}}\n### EKS Cluster with Access Config\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: data.aws_iam_policy_document.example_assume_role_policy.json});\nconst exampleCluster = new aws.eks.Cluster(\"exampleCluster\", {\n roleArn: exampleRole.arn,\n vpcConfig: {\n endpointPrivateAccess: true,\n endpointPublicAccess: false,\n },\n accessConfig: {\n authenticationMode: \"CONFIG_MAP\",\n bootstrapClusterCreatorAdminPermissions: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=data[\"aws_iam_policy_document\"][\"example_assume_role_policy\"][\"json\"])\nexample_cluster = aws.eks.Cluster(\"exampleCluster\",\n role_arn=example_role.arn,\n vpc_config=aws.eks.ClusterVpcConfigArgs(\n endpoint_private_access=True,\n endpoint_public_access=False,\n ),\n access_config=aws.eks.ClusterAccessConfigArgs(\n authentication_mode=\"CONFIG_MAP\",\n bootstrap_cluster_creator_admin_permissions=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new()\n {\n AssumeRolePolicy = data.Aws_iam_policy_document.Example_assume_role_policy.Json,\n });\n\n var exampleCluster = new Aws.Eks.Cluster(\"exampleCluster\", new()\n {\n RoleArn = exampleRole.Arn,\n VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs\n {\n EndpointPrivateAccess = true,\n EndpointPublicAccess = false,\n },\n AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs\n {\n AuthenticationMode = \"CONFIG_MAP\",\n BootstrapClusterCreatorAdminPermissions = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(data.Aws_iam_policy_document.Example_assume_role_policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"exampleCluster\", \u0026eks.ClusterArgs{\n\t\t\tRoleArn: exampleRole.Arn,\n\t\t\tVpcConfig: \u0026eks.ClusterVpcConfigArgs{\n\t\t\t\tEndpointPrivateAccess: pulumi.Bool(true),\n\t\t\t\tEndpointPublicAccess: pulumi.Bool(false),\n\t\t\t},\n\t\t\tAccessConfig: \u0026eks.ClusterAccessConfigArgs{\n\t\t\t\tAuthenticationMode: pulumi.String(\"CONFIG_MAP\"),\n\t\t\t\tBootstrapClusterCreatorAdminPermissions: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.eks.Cluster;\nimport com.pulumi.aws.eks.ClusterArgs;\nimport com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;\nimport com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleRole = new Role(\"exampleRole\", RoleArgs.builder() \n .assumeRolePolicy(data.aws_iam_policy_document().example_assume_role_policy().json())\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .roleArn(exampleRole.arn())\n .vpcConfig(ClusterVpcConfigArgs.builder()\n .endpointPrivateAccess(true)\n .endpointPublicAccess(false)\n .build())\n .accessConfig(ClusterAccessConfigArgs.builder()\n .authenticationMode(\"CONFIG_MAP\")\n .bootstrapClusterCreatorAdminPermissions(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${data.aws_iam_policy_document.example_assume_role_policy.json}\n exampleCluster:\n type: aws:eks:Cluster\n properties:\n roleArn: ${exampleRole.arn}\n vpcConfig:\n endpointPrivateAccess: true\n endpointPublicAccess: false\n accessConfig:\n authenticationMode: CONFIG_MAP\n bootstrapClusterCreatorAdminPermissions: true\n```\n\nAfter adding inline IAM Policies (e.g., `aws.iam.RolePolicy` resource) or attaching IAM Policies (e.g., `aws.iam.Policy` resource and `aws.iam.RolePolicyAttachment` resource) with the desired permissions to the IAM Role, annotate the Kubernetes service account (e.g., `kubernetes_service_account` resource) and recreate any pods.\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import EKS Clusters using the `name`. For example:\n\n```sh\n $ pulumi import aws:eks/cluster:Cluster my_cluster my_cluster\n```\n ", "properties": { "accessConfig": { "$ref": "#/types/aws:eks/ClusterAccessConfig:ClusterAccessConfig", @@ -228915,7 +228915,7 @@ } }, "aws:eks/nodeGroup:NodeGroup": { - "description": "Manages an EKS Node Group, which can provision and optionally update an Auto Scaling Group of Kubernetes worker nodes compatible with EKS. Additional documentation about this functionality can be found in the [EKS User Guide](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.eks.NodeGroup(\"example\", {\n clusterName: aws_eks_cluster.example.name,\n nodeRoleArn: aws_iam_role.example.arn,\n subnetIds: aws_subnet.example.map(__item =\u003e __item.id),\n scalingConfig: {\n desiredSize: 1,\n maxSize: 2,\n minSize: 1,\n },\n updateConfig: {\n maxUnavailable: 1,\n },\n}, {\n dependsOn: [\n aws_iam_role_policy_attachment[\"example-AmazonEKSWorkerNodePolicy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEKS_CNI_Policy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEC2ContainerRegistryReadOnly\"],\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.eks.NodeGroup(\"example\",\n cluster_name=aws_eks_cluster[\"example\"][\"name\"],\n node_role_arn=aws_iam_role[\"example\"][\"arn\"],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"example\"]],\n scaling_config=aws.eks.NodeGroupScalingConfigArgs(\n desired_size=1,\n max_size=2,\n min_size=1,\n ),\n update_config=aws.eks.NodeGroupUpdateConfigArgs(\n max_unavailable=1,\n ),\n opts=pulumi.ResourceOptions(depends_on=[\n aws_iam_role_policy_attachment[\"example-AmazonEKSWorkerNodePolicy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEKS_CNI_Policy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEC2ContainerRegistryReadOnly\"],\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Eks.NodeGroup(\"example\", new()\n {\n ClusterName = aws_eks_cluster.Example.Name,\n NodeRoleArn = aws_iam_role.Example.Arn,\n SubnetIds = aws_subnet.Example.Select(__item =\u003e __item.Id).ToList(),\n ScalingConfig = new Aws.Eks.Inputs.NodeGroupScalingConfigArgs\n {\n DesiredSize = 1,\n MaxSize = 2,\n MinSize = 1,\n },\n UpdateConfig = new Aws.Eks.Inputs.NodeGroupUpdateConfigArgs\n {\n MaxUnavailable = 1,\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_role_policy_attachment.Example_AmazonEKSWorkerNodePolicy,\n aws_iam_role_policy_attachment.Example_AmazonEKS_CNI_Policy,\n aws_iam_role_policy_attachment.Example_AmazonEC2ContainerRegistryReadOnly,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nvar splat0 []interface{}\nfor _, val0 := range aws_subnet.Example {\nsplat0 = append(splat0, val0.Id)\n}\n_, err := eks.NewNodeGroup(ctx, \"example\", \u0026eks.NodeGroupArgs{\nClusterName: pulumi.Any(aws_eks_cluster.Example.Name),\nNodeRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\nSubnetIds: toPulumiArray(splat0),\nScalingConfig: \u0026eks.NodeGroupScalingConfigArgs{\nDesiredSize: pulumi.Int(1),\nMaxSize: pulumi.Int(2),\nMinSize: pulumi.Int(1),\n},\nUpdateConfig: \u0026eks.NodeGroupUpdateConfigArgs{\nMaxUnavailable: pulumi.Int(1),\n},\n}, pulumi.DependsOn([]pulumi.Resource{\naws_iam_role_policy_attachment.ExampleAmazonEKSWorkerNodePolicy,\naws_iam_role_policy_attachment.ExampleAmazonEKS_CNI_Policy,\naws_iam_role_policy_attachment.ExampleAmazonEC2ContainerRegistryReadOnly,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.NodeGroup;\nimport com.pulumi.aws.eks.NodeGroupArgs;\nimport com.pulumi.aws.eks.inputs.NodeGroupScalingConfigArgs;\nimport com.pulumi.aws.eks.inputs.NodeGroupUpdateConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new NodeGroup(\"example\", NodeGroupArgs.builder() \n .clusterName(aws_eks_cluster.example().name())\n .nodeRoleArn(aws_iam_role.example().arn())\n .subnetIds(aws_subnet.example().stream().map(element -\u003e element.id()).collect(toList()))\n .scalingConfig(NodeGroupScalingConfigArgs.builder()\n .desiredSize(1)\n .maxSize(2)\n .minSize(1)\n .build())\n .updateConfig(NodeGroupUpdateConfigArgs.builder()\n .maxUnavailable(1)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy(),\n aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy(),\n aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly())\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Ignoring Changes to Desired Size\n\nYou can utilize [ignoreChanges](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) create an EKS Node Group with an initial size of running instances, then ignore any changes to that count caused externally (e.g. Application Autoscaling).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configurations ...\nconst example = new aws.eks.NodeGroup(\"example\", {scalingConfig: {\n desiredSize: 2,\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configurations ...\nexample = aws.eks.NodeGroup(\"example\", scaling_config=aws.eks.NodeGroupScalingConfigArgs(\n desired_size=2,\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configurations ...\n var example = new Aws.Eks.NodeGroup(\"example\", new()\n {\n ScalingConfig = new Aws.Eks.Inputs.NodeGroupScalingConfigArgs\n {\n DesiredSize = 2,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := eks.NewNodeGroup(ctx, \"example\", \u0026eks.NodeGroupArgs{\n\t\t\tScalingConfig: \u0026eks.NodeGroupScalingConfigArgs{\n\t\t\t\tDesiredSize: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.NodeGroup;\nimport com.pulumi.aws.eks.NodeGroupArgs;\nimport com.pulumi.aws.eks.inputs.NodeGroupScalingConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new NodeGroup(\"example\", NodeGroupArgs.builder() \n .scalingConfig(NodeGroupScalingConfigArgs.builder()\n .desiredSize(2)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:eks:NodeGroup\n properties:\n scalingConfig:\n desiredSize: 2\n```\n{{% /example %}}\n{{% example %}}\n### Example IAM Role for EKS Node Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {assumeRolePolicy: JSON.stringify({\n Statement: [{\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Principal: {\n Service: \"ec2.amazonaws.com\",\n },\n }],\n Version: \"2012-10-17\",\n})});\nconst example_AmazonEKSWorkerNodePolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\n role: example.name,\n});\nconst example_AmazonEKSCNIPolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\n role: example.name,\n});\nconst example_AmazonEC2ContainerRegistryReadOnly = new aws.iam.RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\", assume_role_policy=json.dumps({\n \"Statement\": [{\n \"Action\": \"sts:AssumeRole\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\",\n },\n }],\n \"Version\": \"2012-10-17\",\n}))\nexample__amazon_eks_worker_node_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\n role=example.name)\nexample__amazon_ekscni_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\n role=example.name)\nexample__amazon_ec2_container_registry_read_only = aws.iam.RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\n role=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = \"sts:AssumeRole\",\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"ec2.amazonaws.com\",\n },\n },\n },\n [\"Version\"] = \"2012-10-17\",\n }),\n });\n\n var example_AmazonEKSWorkerNodePolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\n Role = example.Name,\n });\n\n var example_AmazonEKSCNIPolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\n Role = example.Name,\n });\n\n var example_AmazonEC2ContainerRegistryReadOnly = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\n Role = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSWorkerNodePolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSCNIPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEC2ContainerRegistryReadOnly\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder() \n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", \"sts:AssumeRole\"),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"ec2.amazonaws.com\")\n ))\n ))),\n jsonProperty(\"Version\", \"2012-10-17\")\n )))\n .build());\n\n var example_AmazonEKSWorkerNodePolicy = new RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\")\n .role(example.name())\n .build());\n\n var example_AmazonEKSCNIPolicy = new RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\")\n .role(example.name())\n .build());\n\n var example_AmazonEC2ContainerRegistryReadOnly = new RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\")\n .role(example.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n assumeRolePolicy:\n fn::toJSON:\n Statement:\n - Action: sts:AssumeRole\n Effect: Allow\n Principal:\n Service: ec2.amazonaws.com\n Version: 2012-10-17\n example-AmazonEKSWorkerNodePolicy:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\n role: ${example.name}\n example-AmazonEKSCNIPolicy:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\n role: ${example.name}\n example-AmazonEC2ContainerRegistryReadOnly:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\n role: ${example.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import EKS Node Groups using the `cluster_name` and `node_group_name` separated by a colon (`:`). For example:\n\n```sh\n $ pulumi import aws:eks/nodeGroup:NodeGroup my_node_group my_cluster:my_node_group\n```\n ", + "description": "Manages an EKS Node Group, which can provision and optionally update an Auto Scaling Group of Kubernetes worker nodes compatible with EKS. Additional documentation about this functionality can be found in the [EKS User Guide](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.eks.NodeGroup(\"example\", {\n clusterName: aws_eks_cluster.example.name,\n nodeRoleArn: aws_iam_role.example.arn,\n subnetIds: aws_subnet.example.map(__item =\u003e __item.id),\n scalingConfig: {\n desiredSize: 1,\n maxSize: 2,\n minSize: 1,\n },\n updateConfig: {\n maxUnavailable: 1,\n },\n}, {\n dependsOn: [\n aws_iam_role_policy_attachment[\"example-AmazonEKSWorkerNodePolicy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEKS_CNI_Policy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEC2ContainerRegistryReadOnly\"],\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.eks.NodeGroup(\"example\",\n cluster_name=aws_eks_cluster[\"example\"][\"name\"],\n node_role_arn=aws_iam_role[\"example\"][\"arn\"],\n subnet_ids=[__item[\"id\"] for __item in aws_subnet[\"example\"]],\n scaling_config=aws.eks.NodeGroupScalingConfigArgs(\n desired_size=1,\n max_size=2,\n min_size=1,\n ),\n update_config=aws.eks.NodeGroupUpdateConfigArgs(\n max_unavailable=1,\n ),\n opts=pulumi.ResourceOptions(depends_on=[\n aws_iam_role_policy_attachment[\"example-AmazonEKSWorkerNodePolicy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEKS_CNI_Policy\"],\n aws_iam_role_policy_attachment[\"example-AmazonEC2ContainerRegistryReadOnly\"],\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Eks.NodeGroup(\"example\", new()\n {\n ClusterName = aws_eks_cluster.Example.Name,\n NodeRoleArn = aws_iam_role.Example.Arn,\n SubnetIds = aws_subnet.Example.Select(__item =\u003e __item.Id).ToList(),\n ScalingConfig = new Aws.Eks.Inputs.NodeGroupScalingConfigArgs\n {\n DesiredSize = 1,\n MaxSize = 2,\n MinSize = 1,\n },\n UpdateConfig = new Aws.Eks.Inputs.NodeGroupUpdateConfigArgs\n {\n MaxUnavailable = 1,\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n aws_iam_role_policy_attachment.Example_AmazonEKSWorkerNodePolicy,\n aws_iam_role_policy_attachment.Example_AmazonEKS_CNI_Policy,\n aws_iam_role_policy_attachment.Example_AmazonEC2ContainerRegistryReadOnly,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nvar splat0 []interface{}\nfor _, val0 := range aws_subnet.Example {\nsplat0 = append(splat0, val0.Id)\n}\n_, err := eks.NewNodeGroup(ctx, \"example\", \u0026eks.NodeGroupArgs{\nClusterName: pulumi.Any(aws_eks_cluster.Example.Name),\nNodeRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\nSubnetIds: toPulumiArray(splat0),\nScalingConfig: \u0026eks.NodeGroupScalingConfigArgs{\nDesiredSize: pulumi.Int(1),\nMaxSize: pulumi.Int(2),\nMinSize: pulumi.Int(1),\n},\nUpdateConfig: \u0026eks.NodeGroupUpdateConfigArgs{\nMaxUnavailable: pulumi.Int(1),\n},\n}, pulumi.DependsOn([]pulumi.Resource{\naws_iam_role_policy_attachment.ExampleAmazonEKSWorkerNodePolicy,\naws_iam_role_policy_attachment.ExampleAmazonEKS_CNI_Policy,\naws_iam_role_policy_attachment.ExampleAmazonEC2ContainerRegistryReadOnly,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\nfunc toPulumiArray(arr []) pulumi.Array {\nvar pulumiArr pulumi.Array\nfor _, v := range arr {\npulumiArr = append(pulumiArr, pulumi.(v))\n}\nreturn pulumiArr\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.NodeGroup;\nimport com.pulumi.aws.eks.NodeGroupArgs;\nimport com.pulumi.aws.eks.inputs.NodeGroupScalingConfigArgs;\nimport com.pulumi.aws.eks.inputs.NodeGroupUpdateConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new NodeGroup(\"example\", NodeGroupArgs.builder() \n .clusterName(aws_eks_cluster.example().name())\n .nodeRoleArn(aws_iam_role.example().arn())\n .subnetIds(aws_subnet.example().stream().map(element -\u003e element.id()).collect(toList()))\n .scalingConfig(NodeGroupScalingConfigArgs.builder()\n .desiredSize(1)\n .maxSize(2)\n .minSize(1)\n .build())\n .updateConfig(NodeGroupUpdateConfigArgs.builder()\n .maxUnavailable(1)\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy(),\n aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy(),\n aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly())\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### Ignoring Changes to Desired Size\n\nYou can utilize [ignoreChanges](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) create an EKS Node Group with an initial size of running instances, then ignore any changes to that count caused externally (e.g. Application Autoscaling).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configurations ...\nconst example = new aws.eks.NodeGroup(\"example\", {scalingConfig: {\n desiredSize: 2,\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configurations ...\nexample = aws.eks.NodeGroup(\"example\", scaling_config=aws.eks.NodeGroupScalingConfigArgs(\n desired_size=2,\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configurations ...\n var example = new Aws.Eks.NodeGroup(\"example\", new()\n {\n ScalingConfig = new Aws.Eks.Inputs.NodeGroupScalingConfigArgs\n {\n DesiredSize = 2,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configurations ...\n\t\t_, err := eks.NewNodeGroup(ctx, \"example\", \u0026eks.NodeGroupArgs{\n\t\t\tScalingConfig: \u0026eks.NodeGroupScalingConfigArgs{\n\t\t\t\tDesiredSize: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.NodeGroup;\nimport com.pulumi.aws.eks.NodeGroupArgs;\nimport com.pulumi.aws.eks.inputs.NodeGroupScalingConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new NodeGroup(\"example\", NodeGroupArgs.builder() \n .scalingConfig(NodeGroupScalingConfigArgs.builder()\n .desiredSize(2)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:eks:NodeGroup\n properties:\n scalingConfig:\n desiredSize: 2\n```\n{{% /example %}}\n{{% example %}}\n### Example IAM Role for EKS Node Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {assumeRolePolicy: JSON.stringify({\n Statement: [{\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Principal: {\n Service: \"ec2.amazonaws.com\",\n },\n }],\n Version: \"2012-10-17\",\n})});\nconst example_AmazonEKSWorkerNodePolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\n role: example.name,\n});\nconst example_AmazonEKSCNIPolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\n role: example.name,\n});\nconst example_AmazonEC2ContainerRegistryReadOnly = new aws.iam.RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\", assume_role_policy=json.dumps({\n \"Statement\": [{\n \"Action\": \"sts:AssumeRole\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\",\n },\n }],\n \"Version\": \"2012-10-17\",\n}))\nexample__amazon_eks_worker_node_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\n role=example.name)\nexample__amazon_ekscni_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\n role=example.name)\nexample__amazon_ec2_container_registry_read_only = aws.iam.RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\n role=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = \"sts:AssumeRole\",\n [\"Effect\"] = \"Allow\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"ec2.amazonaws.com\",\n },\n },\n },\n [\"Version\"] = \"2012-10-17\",\n }),\n });\n\n var example_AmazonEKSWorkerNodePolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\n Role = example.Name,\n });\n\n var example_AmazonEKSCNIPolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\n Role = example.Name,\n });\n\n var example_AmazonEC2ContainerRegistryReadOnly = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\", new()\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\n Role = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texample, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSWorkerNodePolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEKSCNIPolicy\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example-AmazonEC2ContainerRegistryReadOnly\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder() \n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", \"sts:AssumeRole\"),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"ec2.amazonaws.com\")\n ))\n ))),\n jsonProperty(\"Version\", \"2012-10-17\")\n )))\n .build());\n\n var example_AmazonEKSWorkerNodePolicy = new RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\")\n .role(example.name())\n .build());\n\n var example_AmazonEKSCNIPolicy = new RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\")\n .role(example.name())\n .build());\n\n var example_AmazonEC2ContainerRegistryReadOnly = new RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\", RolePolicyAttachmentArgs.builder() \n .policyArn(\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\")\n .role(example.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n assumeRolePolicy:\n fn::toJSON:\n Statement:\n - Action: sts:AssumeRole\n Effect: Allow\n Principal:\n Service: ec2.amazonaws.com\n Version: 2012-10-17\n example-AmazonEKSWorkerNodePolicy:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\n role: ${example.name}\n example-AmazonEKSCNIPolicy:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\n role: ${example.name}\n example-AmazonEC2ContainerRegistryReadOnly:\n type: aws:iam:RolePolicyAttachment\n properties:\n policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\n role: ${example.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import EKS Node Groups using the `cluster_name` and `node_group_name` separated by a colon (`:`). For example:\n\n```sh\n $ pulumi import aws:eks/nodeGroup:NodeGroup my_node_group my_cluster:my_node_group\n```\n ", "properties": { "amiType": { "type": "string", @@ -232489,7 +232489,7 @@ } }, "aws:elasticsearch/domain:Domain": { - "description": "Manages an AWS Elasticsearch Domain.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticsearch.Domain(\"example\", {\n clusterConfig: {\n instanceType: \"r4.large.elasticsearch\",\n },\n elasticsearchVersion: \"7.10\",\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticsearch.Domain(\"example\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.elasticsearch\",\n ),\n elasticsearch_version=\"7.10\",\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.elasticsearch\",\n },\n ElasticsearchVersion = \"7.10\",\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.elasticsearch\"),\n\t\t\t},\n\t\t\tElasticsearchVersion: pulumi.String(\"7.10\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.elasticsearch\")\n .build())\n .elasticsearchVersion(\"7.10\")\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n clusterConfig:\n instanceType: r4.large.elasticsearch\n elasticsearchVersion: '7.10'\n tags:\n Domain: TestDomain\n```\n{{% /example %}}\n{{% example %}}\n### Access Policy\n\n\u003e See also: `aws.elasticsearch.DomainPolicy` resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst example = new aws.elasticsearch.Domain(\"example\", {accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample = aws.elasticsearch.Domain(\"example\", access_policies=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\",\n \"Condition\": {{\n \"IpAddress\": {{\"aws:SourceIp\": [\"66.193.100.22/32\"]}}\n }}\n }}\n ]\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =\u003e\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": \"\"es:*\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\",\n \"\"Condition\"\": {{\n \"\"IpAddress\"\": {{\"\"aws:SourceIp\"\": [\"\"66.193.100.22/32\"\"]}}\n }}\n }}\n ]\n}}\n\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`, currentRegion.Name, currentCallerIdentity.AccountId, domain)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var example = new Domain(\"example\", DomainArgs.builder() \n .accessPolicies(\"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n accessPolicies: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n }\nvariables:\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% example %}}\n### Log Publishing to CloudWatch Logs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\", {\n policyName: \"example\",\n policyDocument: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n// .. other configuration ...\nconst exampleDomain = new aws.elasticsearch.Domain(\"exampleDomain\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\",\n policy_name=\"example\",\n policy_document=example_policy_document.json)\n# .. other configuration ...\nexample_domain = aws.elasticsearch.Domain(\"exampleDomain\", log_publishing_options=[aws.elasticsearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\");\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"exampleLogResourcePolicy\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n // .. other configuration ...\n var exampleDomain = new Aws.ElasticSearch.Domain(\"exampleDomain\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.ElasticSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"exampleLogResourcePolicy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"exampleDomain\", \u0026elasticsearch.DomainArgs{\n\t\t\tLogPublishingOptions: elasticsearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026elasticsearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\");\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n properties:\n policyName: example\n policyDocument: ${examplePolicyDocument.json}\n exampleDomain:\n type: aws:elasticsearch:Domain\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n{{% /example %}}\n{{% example %}}\n### VPC based ES\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst selectedVpc = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst selectedSubnets = selectedVpc.then(selectedVpc =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [selectedVpc.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst esSecurityGroup = new aws.ec2.SecurityGroup(\"esSecurityGroup\", {\n description: \"Managed by Pulumi\",\n vpcId: selectedVpc.then(selectedVpc =\u003e selectedVpc.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [selectedVpc.then(selectedVpc =\u003e selectedVpc.cidrBlock)],\n }],\n});\nconst esServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"esServiceLinkedRole\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst esDomain = new aws.elasticsearch.Domain(\"esDomain\", {\n elasticsearchVersion: \"6.3\",\n clusterConfig: {\n instanceType: \"m4.large.elasticsearch\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n selectedSubnets.then(selectedSubnets =\u003e selectedSubnets.ids?.[0]),\n selectedSubnets.then(selectedSubnets =\u003e selectedSubnets.ids?.[1]),\n ],\n securityGroupIds: [esSecurityGroup.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\"\n\t\t}\n\t]\n}\n`),\n tags: {\n Domain: \"TestDomain\",\n },\n}, {\n dependsOn: [esServiceLinkedRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nselected_vpc = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nselected_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[selected_vpc.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nes_security_group = aws.ec2.SecurityGroup(\"esSecurityGroup\",\n description=\"Managed by Pulumi\",\n vpc_id=selected_vpc.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[selected_vpc.cidr_block],\n )])\nes_service_linked_role = aws.iam.ServiceLinkedRole(\"esServiceLinkedRole\", aws_service_name=\"opensearchservice.amazonaws.com\")\nes_domain = aws.elasticsearch.Domain(\"esDomain\",\n elasticsearch_version=\"6.3\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.elasticsearch\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.elasticsearch.DomainVpcOptionsArgs(\n subnet_ids=[\n selected_subnets.ids[0],\n selected_subnets.ids[1],\n ],\n security_group_ids=[es_security_group.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=f\"\"\"{{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"\n\t\t}}\n\t]\n}}\n\"\"\",\n tags={\n \"Domain\": \"TestDomain\",\n },\n opts=pulumi.ResourceOptions(depends_on=[es_service_linked_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var selectedVpc = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var selectedSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n selectedVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var esSecurityGroup = new Aws.Ec2.SecurityGroup(\"esSecurityGroup\", new()\n {\n Description = \"Managed by Pulumi\",\n VpcId = selectedVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n selectedVpc.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var esServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"esServiceLinkedRole\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var esDomain = new Aws.ElasticSearch.Domain(\"esDomain\", new()\n {\n ElasticsearchVersion = \"6.3\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.elasticsearch\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n selectedSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n selectedSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n esSecurityGroup.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =\u003e\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n return @$\"{{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{{\n\t\t\t\"\"Action\"\": \"\"es:*\"\",\n\t\t\t\"\"Principal\"\": \"\"*\"\",\n\t\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\t\"\"Resource\"\": \"\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\"\n\t\t}}\n\t]\n}}\n\";\n }),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n esServiceLinkedRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nselectedVpc, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nselectedSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nselectedVpc.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrentRegion, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nesSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"esSecurityGroup\", \u0026ec2.SecurityGroupArgs{\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: *pulumi.String(selectedVpc.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\n*pulumi.String(selectedVpc.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\nesServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, \"esServiceLinkedRole\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\n_, err = elasticsearch.NewDomain(ctx, \"esDomain\", \u0026elasticsearch.DomainArgs{\nElasticsearchVersion: pulumi.String(\"6.3\"),\nClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.elasticsearch\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026elasticsearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\n*pulumi.String(selectedSubnets.Ids[0]),\n*pulumi.String(selectedSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nesSecurityGroup.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\"\n\t\t}\n\t]\n}\n`, currentRegion.Name, currentCallerIdentity.AccountId, domain)),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n}, pulumi.DependsOn([]pulumi.Resource{\nesServiceLinkedRole,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var selectedVpc = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var selectedSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var esSecurityGroup = new SecurityGroup(\"esSecurityGroup\", SecurityGroupArgs.builder() \n .description(\"Managed by Pulumi\")\n .vpcId(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var esServiceLinkedRole = new ServiceLinkedRole(\"esServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n var esDomain = new Domain(\"esDomain\", DomainArgs.builder() \n .elasticsearchVersion(\"6.3\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.elasticsearch\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n selectedSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n selectedSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(esSecurityGroup.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(\"\"\"\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\"\n\t\t}\n\t]\n}\n\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(esServiceLinkedRole)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n esSecurityGroup:\n type: aws:ec2:SecurityGroup\n properties:\n description: Managed by Pulumi\n vpcId: ${selectedVpc.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${selectedVpc.cidrBlock}\n esServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n esDomain:\n type: aws:elasticsearch:Domain\n properties:\n elasticsearchVersion: '6.3'\n clusterConfig:\n instanceType: m4.large.elasticsearch\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${selectedSubnets.ids[0]}\n - ${selectedSubnets.ids[1]}\n securityGroupIds:\n - ${esSecurityGroup.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: |\n {\n \t\"Version\": \"2012-10-17\",\n \t\"Statement\": [\n \t\t{\n \t\t\t\"Action\": \"es:*\",\n \t\t\t\"Principal\": \"*\",\n \t\t\t\"Effect\": \"Allow\",\n \t\t\t\"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\"\n \t\t}\n \t]\n }\n tags:\n Domain: TestDomain\n options:\n dependson:\n - ${esServiceLinkedRole}\nvariables:\n selectedVpc:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n selectedSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${selectedVpc.id}\n tags:\n Tier: private\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Elasticsearch domains using the `domain_name`. For example:\n\n```sh\n $ pulumi import aws:elasticsearch/domain:Domain example domain_name\n```\n ", + "description": "Manages an AWS Elasticsearch Domain.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticsearch.Domain(\"example\", {\n clusterConfig: {\n instanceType: \"r4.large.elasticsearch\",\n },\n elasticsearchVersion: \"7.10\",\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticsearch.Domain(\"example\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.elasticsearch\",\n ),\n elasticsearch_version=\"7.10\",\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.elasticsearch\",\n },\n ElasticsearchVersion = \"7.10\",\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.elasticsearch\"),\n\t\t\t},\n\t\t\tElasticsearchVersion: pulumi.String(\"7.10\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.elasticsearch\")\n .build())\n .elasticsearchVersion(\"7.10\")\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n clusterConfig:\n instanceType: r4.large.elasticsearch\n elasticsearchVersion: '7.10'\n tags:\n Domain: TestDomain\n```\n{{% /example %}}\n{{% example %}}\n### Access Policy\n\n\u003e See also: `aws.elasticsearch.DomainPolicy` resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst example = new aws.elasticsearch.Domain(\"example\", {accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample = aws.elasticsearch.Domain(\"example\", access_policies=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\",\n \"Condition\": {{\n \"IpAddress\": {{\"aws:SourceIp\": [\"66.193.100.22/32\"]}}\n }}\n }}\n ]\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var example = new Aws.ElasticSearch.Domain(\"example\", new()\n {\n AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =\u003e\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": \"\"es:*\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\",\n \"\"Condition\"\": {{\n \"\"IpAddress\"\": {{\"\"aws:SourceIp\"\": [\"\"66.193.100.22/32\"\"]}}\n }}\n }}\n ]\n}}\n\";\n }),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"example\", \u0026elasticsearch.DomainArgs{\n\t\t\tAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`, currentRegion.Name, currentCallerIdentity.AccountId, domain)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var example = new Domain(\"example\", DomainArgs.builder() \n .accessPolicies(\"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n example:\n type: aws:elasticsearch:Domain\n properties:\n accessPolicies: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n }\nvariables:\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% example %}}\n### Log Publishing to CloudWatch Logs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\", {\n policyName: \"example\",\n policyDocument: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n// .. other configuration ...\nconst exampleDomain = new aws.elasticsearch.Domain(\"exampleDomain\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\",\n policy_name=\"example\",\n policy_document=example_policy_document.json)\n# .. other configuration ...\nexample_domain = aws.elasticsearch.Domain(\"exampleDomain\", log_publishing_options=[aws.elasticsearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\");\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"exampleLogResourcePolicy\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n // .. other configuration ...\n var exampleDomain = new Aws.ElasticSearch.Domain(\"exampleDomain\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.ElasticSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"exampleLogResourcePolicy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// .. other configuration ...\n\t\t_, err = elasticsearch.NewDomain(ctx, \"exampleDomain\", \u0026elasticsearch.DomainArgs{\n\t\t\tLogPublishingOptions: elasticsearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026elasticsearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\");\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n properties:\n policyName: example\n policyDocument: ${examplePolicyDocument.json}\n exampleDomain:\n type: aws:elasticsearch:Domain\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n{{% /example %}}\n{{% example %}}\n### VPC based ES\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst selectedVpc = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst selectedSubnets = selectedVpc.then(selectedVpc =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [selectedVpc.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst esSecurityGroup = new aws.ec2.SecurityGroup(\"esSecurityGroup\", {\n description: \"Managed by Pulumi\",\n vpcId: selectedVpc.then(selectedVpc =\u003e selectedVpc.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [selectedVpc.then(selectedVpc =\u003e selectedVpc.cidrBlock)],\n }],\n});\nconst esServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"esServiceLinkedRole\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst esDomain = new aws.elasticsearch.Domain(\"esDomain\", {\n elasticsearchVersion: \"6.3\",\n clusterConfig: {\n instanceType: \"m4.large.elasticsearch\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n selectedSubnets.then(selectedSubnets =\u003e selectedSubnets.ids?.[0]),\n selectedSubnets.then(selectedSubnets =\u003e selectedSubnets.ids?.[1]),\n ],\n securityGroupIds: [esSecurityGroup.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\"\n\t\t}\n\t]\n}\n`),\n tags: {\n Domain: \"TestDomain\",\n },\n}, {\n dependsOn: [esServiceLinkedRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nselected_vpc = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nselected_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[selected_vpc.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nes_security_group = aws.ec2.SecurityGroup(\"esSecurityGroup\",\n description=\"Managed by Pulumi\",\n vpc_id=selected_vpc.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[selected_vpc.cidr_block],\n )])\nes_service_linked_role = aws.iam.ServiceLinkedRole(\"esServiceLinkedRole\", aws_service_name=\"opensearchservice.amazonaws.com\")\nes_domain = aws.elasticsearch.Domain(\"esDomain\",\n elasticsearch_version=\"6.3\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.elasticsearch\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.elasticsearch.DomainVpcOptionsArgs(\n subnet_ids=[\n selected_subnets.ids[0],\n selected_subnets.ids[1],\n ],\n security_group_ids=[es_security_group.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=f\"\"\"{{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"\n\t\t}}\n\t]\n}}\n\"\"\",\n tags={\n \"Domain\": \"TestDomain\",\n },\n opts=pulumi.ResourceOptions(depends_on=[es_service_linked_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var selectedVpc = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var selectedSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n selectedVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var esSecurityGroup = new Aws.Ec2.SecurityGroup(\"esSecurityGroup\", new()\n {\n Description = \"Managed by Pulumi\",\n VpcId = selectedVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n selectedVpc.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var esServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"esServiceLinkedRole\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var esDomain = new Aws.ElasticSearch.Domain(\"esDomain\", new()\n {\n ElasticsearchVersion = \"6.3\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.elasticsearch\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n selectedSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n selectedSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n esSecurityGroup.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =\u003e\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n return @$\"{{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{{\n\t\t\t\"\"Action\"\": \"\"es:*\"\",\n\t\t\t\"\"Principal\"\": \"\"*\"\",\n\t\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\t\"\"Resource\"\": \"\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\"\"\n\t\t}}\n\t]\n}}\n\";\n }),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n esServiceLinkedRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nselectedVpc, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nselectedSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nselectedVpc.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrentRegion, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nesSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"esSecurityGroup\", \u0026ec2.SecurityGroupArgs{\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: *pulumi.String(selectedVpc.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\n*pulumi.String(selectedVpc.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\nesServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, \"esServiceLinkedRole\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\n_, err = elasticsearch.NewDomain(ctx, \"esDomain\", \u0026elasticsearch.DomainArgs{\nElasticsearchVersion: pulumi.String(\"6.3\"),\nClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.elasticsearch\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026elasticsearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\n*pulumi.String(selectedSubnets.Ids[0]),\n*pulumi.String(selectedSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nesSecurityGroup.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: pulumi.Any(fmt.Sprintf(`{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%v:%v:domain/%v/*\"\n\t\t}\n\t]\n}\n`, currentRegion.Name, currentCallerIdentity.AccountId, domain)),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n}, pulumi.DependsOn([]pulumi.Resource{\nesServiceLinkedRole,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var selectedVpc = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var selectedSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var esSecurityGroup = new SecurityGroup(\"esSecurityGroup\", SecurityGroupArgs.builder() \n .description(\"Managed by Pulumi\")\n .vpcId(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(selectedVpc.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var esServiceLinkedRole = new ServiceLinkedRole(\"esServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n var esDomain = new Domain(\"esDomain\", DomainArgs.builder() \n .elasticsearchVersion(\"6.3\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.elasticsearch\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n selectedSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n selectedSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(esSecurityGroup.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(\"\"\"\n{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Action\": \"es:*\",\n\t\t\t\"Principal\": \"*\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Resource\": \"arn:aws:es:%s:%s:domain/%s/*\"\n\t\t}\n\t]\n}\n\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(esServiceLinkedRole)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n esSecurityGroup:\n type: aws:ec2:SecurityGroup\n properties:\n description: Managed by Pulumi\n vpcId: ${selectedVpc.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${selectedVpc.cidrBlock}\n esServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n esDomain:\n type: aws:elasticsearch:Domain\n properties:\n elasticsearchVersion: '6.3'\n clusterConfig:\n instanceType: m4.large.elasticsearch\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${selectedSubnets.ids[0]}\n - ${selectedSubnets.ids[1]}\n securityGroupIds:\n - ${esSecurityGroup.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: |\n {\n \t\"Version\": \"2012-10-17\",\n \t\"Statement\": [\n \t\t{\n \t\t\t\"Action\": \"es:*\",\n \t\t\t\"Principal\": \"*\",\n \t\t\t\"Effect\": \"Allow\",\n \t\t\t\"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\"\n \t\t}\n \t]\n }\n tags:\n Domain: TestDomain\n options:\n dependson:\n - ${esServiceLinkedRole}\nvariables:\n selectedVpc:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n selectedSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${selectedVpc.id}\n tags:\n Tier: private\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Elasticsearch domains using the `domain_name`. For example:\n\n```sh\n $ pulumi import aws:elasticsearch/domain:Domain example domain_name\n```\n ", "properties": { "accessPolicies": { "type": "string", @@ -233417,7 +233417,7 @@ ] }, "aws:elb/attachment:Attachment": { - "description": "Attaches an EC2 instance to an Elastic Load Balancer (ELB). For attaching resources with Application Load Balancer (ALB) or Network Load Balancer (NLB), see the `aws.lb.TargetGroupAttachment` resource.\n\n\u003e **NOTE on ELB Instances and ELB Attachments:** This provider currently provides\nboth a standalone ELB Attachment resource (describing an instance attached to\nan ELB), and an Elastic Load Balancer resource with\n`instances` defined in-line. At this time you cannot use an ELB with in-line\ninstances in conjunction with an ELB Attachment resource. Doing so will cause a\nconflict and will overwrite attachments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer attachment\nconst baz = new aws.elb.Attachment(\"baz\", {\n elb: aws_elb.bar.id,\n instance: aws_instance.foo.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer attachment\nbaz = aws.elb.Attachment(\"baz\",\n elb=aws_elb[\"bar\"][\"id\"],\n instance=aws_instance[\"foo\"][\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new load balancer attachment\n var baz = new Aws.Elb.Attachment(\"baz\", new()\n {\n Elb = aws_elb.Bar.Id,\n Instance = aws_instance.Foo.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elb.NewAttachment(ctx, \"baz\", \u0026elb.AttachmentArgs{\n\t\t\tElb: pulumi.Any(aws_elb.Bar.Id),\n\t\t\tInstance: pulumi.Any(aws_instance.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elb.Attachment;\nimport com.pulumi.aws.elb.AttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var baz = new Attachment(\"baz\", AttachmentArgs.builder() \n .elb(aws_elb.bar().id())\n .instance(aws_instance.foo().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new load balancer attachment\n baz:\n type: aws:elb:Attachment\n properties:\n elb: ${aws_elb.bar.id}\n instance: ${aws_instance.foo.id}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Attaches an EC2 instance to an Elastic Load Balancer (ELB). For attaching resources with Application Load Balancer (ALB) or Network Load Balancer (NLB), see the `aws.lb.TargetGroupAttachment` resource.\n\n\u003e **NOTE on ELB Instances and ELB Attachments:** This provider currently provides\nboth a standalone ELB Attachment resource (describing an instance attached to\nan ELB), and an Elastic Load Balancer resource with\n`instances` defined in-line. At this time you cannot use an ELB with in-line\ninstances in conjunction with an ELB Attachment resource. Doing so will cause a\nconflict and will overwrite attachments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer attachment\nconst baz = new aws.elb.Attachment(\"baz\", {\n elb: aws_elb.bar.id,\n instance: aws_instance.foo.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer attachment\nbaz = aws.elb.Attachment(\"baz\",\n elb=aws_elb[\"bar\"][\"id\"],\n instance=aws_instance[\"foo\"][\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new load balancer attachment\n var baz = new Aws.Elb.Attachment(\"baz\", new()\n {\n Elb = aws_elb.Bar.Id,\n Instance = aws_instance.Foo.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new load balancer attachment\n\t\t_, err := elb.NewAttachment(ctx, \"baz\", \u0026elb.AttachmentArgs{\n\t\t\tElb: pulumi.Any(aws_elb.Bar.Id),\n\t\t\tInstance: pulumi.Any(aws_instance.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elb.Attachment;\nimport com.pulumi.aws.elb.AttachmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var baz = new Attachment(\"baz\", AttachmentArgs.builder() \n .elb(aws_elb.bar().id())\n .instance(aws_instance.foo().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new load balancer attachment\n baz:\n type: aws:elb:Attachment\n properties:\n elb: ${aws_elb.bar.id}\n instance: ${aws_instance.foo.id}\n```\n{{% /example %}}\n{{% /examples %}}", "properties": { "elb": { "type": "string", @@ -233563,7 +233563,7 @@ ] }, "aws:elb/loadBalancer:LoadBalancer": { - "description": "Provides an Elastic Load Balancer resource, also known as a \"Classic\nLoad Balancer\" after the release of\nApplication/Network Load Balancers.\n\n\u003e **NOTE on ELB Instances and ELB Attachments:** This provider currently\nprovides both a standalone ELB Attachment resource\n(describing an instance attached to an ELB), and an ELB resource with\n`instances` defined in-line. At this time you cannot use an ELB with in-line\ninstances in conjunction with a ELB Attachment resources. Doing so will cause a\nconflict and will overwrite attachments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer\nconst bar = new aws.elb.LoadBalancer(\"bar\", {\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n accessLogs: {\n bucket: \"foo\",\n bucketPrefix: \"bar\",\n interval: 60,\n },\n listeners: [\n {\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n },\n {\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::123456789012:server-certificate/certName\",\n },\n ],\n healthCheck: {\n healthyThreshold: 2,\n unhealthyThreshold: 2,\n timeout: 3,\n target: \"HTTP:8000/\",\n interval: 30,\n },\n instances: [aws_instance.foo.id],\n crossZoneLoadBalancing: true,\n idleTimeout: 400,\n connectionDraining: true,\n connectionDrainingTimeout: 400,\n tags: {\n Name: \"foobar-elb\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer\nbar = aws.elb.LoadBalancer(\"bar\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n access_logs=aws.elb.LoadBalancerAccessLogsArgs(\n bucket=\"foo\",\n bucket_prefix=\"bar\",\n interval=60,\n ),\n listeners=[\n aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n ),\n aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::123456789012:server-certificate/certName\",\n ),\n ],\n health_check=aws.elb.LoadBalancerHealthCheckArgs(\n healthy_threshold=2,\n unhealthy_threshold=2,\n timeout=3,\n target=\"HTTP:8000/\",\n interval=30,\n ),\n instances=[aws_instance[\"foo\"][\"id\"]],\n cross_zone_load_balancing=True,\n idle_timeout=400,\n connection_draining=True,\n connection_draining_timeout=400,\n tags={\n \"Name\": \"foobar-elb\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new load balancer\n var bar = new Aws.Elb.LoadBalancer(\"bar\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n AccessLogs = new Aws.Elb.Inputs.LoadBalancerAccessLogsArgs\n {\n Bucket = \"foo\",\n BucketPrefix = \"bar\",\n Interval = 60,\n },\n Listeners = new[]\n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::123456789012:server-certificate/certName\",\n },\n },\n HealthCheck = new Aws.Elb.Inputs.LoadBalancerHealthCheckArgs\n {\n HealthyThreshold = 2,\n UnhealthyThreshold = 2,\n Timeout = 3,\n Target = \"HTTP:8000/\",\n Interval = 30,\n },\n Instances = new[]\n {\n aws_instance.Foo.Id,\n },\n CrossZoneLoadBalancing = true,\n IdleTimeout = 400,\n ConnectionDraining = true,\n ConnectionDrainingTimeout = 400,\n Tags = \n {\n { \"Name\", \"foobar-elb\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elb.NewLoadBalancer(ctx, \"bar\", \u0026elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tAccessLogs: \u0026elb.LoadBalancerAccessLogsArgs{\n\t\t\t\tBucket: pulumi.String(\"foo\"),\n\t\t\t\tBucketPrefix: pulumi.String(\"bar\"),\n\t\t\t\tInterval: pulumi.Int(60),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t\u0026elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t\t\u0026elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(\"arn:aws:iam::123456789012:server-certificate/certName\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthCheck: \u0026elb.LoadBalancerHealthCheckArgs{\n\t\t\t\tHealthyThreshold: pulumi.Int(2),\n\t\t\t\tUnhealthyThreshold: pulumi.Int(2),\n\t\t\t\tTimeout: pulumi.Int(3),\n\t\t\t\tTarget: pulumi.String(\"HTTP:8000/\"),\n\t\t\t\tInterval: pulumi.Int(30),\n\t\t\t},\n\t\t\tInstances: pulumi.StringArray{\n\t\t\t\taws_instance.Foo.Id,\n\t\t\t},\n\t\t\tCrossZoneLoadBalancing: pulumi.Bool(true),\n\t\t\tIdleTimeout: pulumi.Int(400),\n\t\t\tConnectionDraining: pulumi.Bool(true),\n\t\t\tConnectionDrainingTimeout: pulumi.Int(400),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foobar-elb\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elb.LoadBalancer;\nimport com.pulumi.aws.elb.LoadBalancerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerAccessLogsArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerHealthCheckArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new LoadBalancer(\"bar\", LoadBalancerArgs.builder() \n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .accessLogs(LoadBalancerAccessLogsArgs.builder()\n .bucket(\"foo\")\n .bucketPrefix(\"bar\")\n .interval(60)\n .build())\n .listeners( \n LoadBalancerListenerArgs.builder()\n .instancePort(8000)\n .instanceProtocol(\"http\")\n .lbPort(80)\n .lbProtocol(\"http\")\n .build(),\n LoadBalancerListenerArgs.builder()\n .instancePort(8000)\n .instanceProtocol(\"http\")\n .lbPort(443)\n .lbProtocol(\"https\")\n .sslCertificateId(\"arn:aws:iam::123456789012:server-certificate/certName\")\n .build())\n .healthCheck(LoadBalancerHealthCheckArgs.builder()\n .healthyThreshold(2)\n .unhealthyThreshold(2)\n .timeout(3)\n .target(\"HTTP:8000/\")\n .interval(30)\n .build())\n .instances(aws_instance.foo().id())\n .crossZoneLoadBalancing(true)\n .idleTimeout(400)\n .connectionDraining(true)\n .connectionDrainingTimeout(400)\n .tags(Map.of(\"Name\", \"foobar-elb\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new load balancer\n bar:\n type: aws:elb:LoadBalancer\n properties:\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n accessLogs:\n bucket: foo\n bucketPrefix: bar\n interval: 60\n listeners:\n - instancePort: 8000\n instanceProtocol: http\n lbPort: 80\n lbProtocol: http\n - instancePort: 8000\n instanceProtocol: http\n lbPort: 443\n lbProtocol: https\n sslCertificateId: arn:aws:iam::123456789012:server-certificate/certName\n healthCheck:\n healthyThreshold: 2\n unhealthyThreshold: 2\n timeout: 3\n target: HTTP:8000/\n interval: 30\n instances:\n - ${aws_instance.foo.id}\n crossZoneLoadBalancing: true\n idleTimeout: 400\n connectionDraining: true\n connectionDrainingTimeout: 400\n tags:\n Name: foobar-elb\n```\n{{% /example %}}\n{{% /examples %}}\n## Note on ECDSA Key Algorithm\n\nIf the ARN of the `ssl_certificate_id` that is pointed to references a\ncertificate that was signed by an ECDSA key, note that ELB only supports the\nP256 and P384 curves. Using a certificate signed by a key using a different\ncurve could produce the error `ERR_SSL_VERSION_OR_CIPHER_MISMATCH` in your\nbrowser.\n\n\n## Import\n\nUsing `pulumi import`, import ELBs using the `name`. For example:\n\n```sh\n $ pulumi import aws:elb/loadBalancer:LoadBalancer bar elb-production-12345\n```\n ", + "description": "Provides an Elastic Load Balancer resource, also known as a \"Classic\nLoad Balancer\" after the release of\nApplication/Network Load Balancers.\n\n\u003e **NOTE on ELB Instances and ELB Attachments:** This provider currently\nprovides both a standalone ELB Attachment resource\n(describing an instance attached to an ELB), and an ELB resource with\n`instances` defined in-line. At this time you cannot use an ELB with in-line\ninstances in conjunction with a ELB Attachment resources. Doing so will cause a\nconflict and will overwrite attachments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer\nconst bar = new aws.elb.LoadBalancer(\"bar\", {\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n accessLogs: {\n bucket: \"foo\",\n bucketPrefix: \"bar\",\n interval: 60,\n },\n listeners: [\n {\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n },\n {\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::123456789012:server-certificate/certName\",\n },\n ],\n healthCheck: {\n healthyThreshold: 2,\n unhealthyThreshold: 2,\n timeout: 3,\n target: \"HTTP:8000/\",\n interval: 30,\n },\n instances: [aws_instance.foo.id],\n crossZoneLoadBalancing: true,\n idleTimeout: 400,\n connectionDraining: true,\n connectionDrainingTimeout: 400,\n tags: {\n Name: \"foobar-elb\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer\nbar = aws.elb.LoadBalancer(\"bar\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n access_logs=aws.elb.LoadBalancerAccessLogsArgs(\n bucket=\"foo\",\n bucket_prefix=\"bar\",\n interval=60,\n ),\n listeners=[\n aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n ),\n aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::123456789012:server-certificate/certName\",\n ),\n ],\n health_check=aws.elb.LoadBalancerHealthCheckArgs(\n healthy_threshold=2,\n unhealthy_threshold=2,\n timeout=3,\n target=\"HTTP:8000/\",\n interval=30,\n ),\n instances=[aws_instance[\"foo\"][\"id\"]],\n cross_zone_load_balancing=True,\n idle_timeout=400,\n connection_draining=True,\n connection_draining_timeout=400,\n tags={\n \"Name\": \"foobar-elb\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new load balancer\n var bar = new Aws.Elb.LoadBalancer(\"bar\", new()\n {\n AvailabilityZones = new[]\n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n AccessLogs = new Aws.Elb.Inputs.LoadBalancerAccessLogsArgs\n {\n Bucket = \"foo\",\n BucketPrefix = \"bar\",\n Interval = 60,\n },\n Listeners = new[]\n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::123456789012:server-certificate/certName\",\n },\n },\n HealthCheck = new Aws.Elb.Inputs.LoadBalancerHealthCheckArgs\n {\n HealthyThreshold = 2,\n UnhealthyThreshold = 2,\n Timeout = 3,\n Target = \"HTTP:8000/\",\n Interval = 30,\n },\n Instances = new[]\n {\n aws_instance.Foo.Id,\n },\n CrossZoneLoadBalancing = true,\n IdleTimeout = 400,\n ConnectionDraining = true,\n ConnectionDrainingTimeout = 400,\n Tags = \n {\n { \"Name\", \"foobar-elb\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new load balancer\n\t\t_, err := elb.NewLoadBalancer(ctx, \"bar\", \u0026elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tAccessLogs: \u0026elb.LoadBalancerAccessLogsArgs{\n\t\t\t\tBucket: pulumi.String(\"foo\"),\n\t\t\t\tBucketPrefix: pulumi.String(\"bar\"),\n\t\t\t\tInterval: pulumi.Int(60),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t\u0026elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t\t\u0026elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(\"arn:aws:iam::123456789012:server-certificate/certName\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthCheck: \u0026elb.LoadBalancerHealthCheckArgs{\n\t\t\t\tHealthyThreshold: pulumi.Int(2),\n\t\t\t\tUnhealthyThreshold: pulumi.Int(2),\n\t\t\t\tTimeout: pulumi.Int(3),\n\t\t\t\tTarget: pulumi.String(\"HTTP:8000/\"),\n\t\t\t\tInterval: pulumi.Int(30),\n\t\t\t},\n\t\t\tInstances: pulumi.StringArray{\n\t\t\t\taws_instance.Foo.Id,\n\t\t\t},\n\t\t\tCrossZoneLoadBalancing: pulumi.Bool(true),\n\t\t\tIdleTimeout: pulumi.Int(400),\n\t\t\tConnectionDraining: pulumi.Bool(true),\n\t\t\tConnectionDrainingTimeout: pulumi.Int(400),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foobar-elb\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elb.LoadBalancer;\nimport com.pulumi.aws.elb.LoadBalancerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerAccessLogsArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerHealthCheckArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bar = new LoadBalancer(\"bar\", LoadBalancerArgs.builder() \n .availabilityZones( \n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\")\n .accessLogs(LoadBalancerAccessLogsArgs.builder()\n .bucket(\"foo\")\n .bucketPrefix(\"bar\")\n .interval(60)\n .build())\n .listeners( \n LoadBalancerListenerArgs.builder()\n .instancePort(8000)\n .instanceProtocol(\"http\")\n .lbPort(80)\n .lbProtocol(\"http\")\n .build(),\n LoadBalancerListenerArgs.builder()\n .instancePort(8000)\n .instanceProtocol(\"http\")\n .lbPort(443)\n .lbProtocol(\"https\")\n .sslCertificateId(\"arn:aws:iam::123456789012:server-certificate/certName\")\n .build())\n .healthCheck(LoadBalancerHealthCheckArgs.builder()\n .healthyThreshold(2)\n .unhealthyThreshold(2)\n .timeout(3)\n .target(\"HTTP:8000/\")\n .interval(30)\n .build())\n .instances(aws_instance.foo().id())\n .crossZoneLoadBalancing(true)\n .idleTimeout(400)\n .connectionDraining(true)\n .connectionDrainingTimeout(400)\n .tags(Map.of(\"Name\", \"foobar-elb\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new load balancer\n bar:\n type: aws:elb:LoadBalancer\n properties:\n availabilityZones:\n - us-west-2a\n - us-west-2b\n - us-west-2c\n accessLogs:\n bucket: foo\n bucketPrefix: bar\n interval: 60\n listeners:\n - instancePort: 8000\n instanceProtocol: http\n lbPort: 80\n lbProtocol: http\n - instancePort: 8000\n instanceProtocol: http\n lbPort: 443\n lbProtocol: https\n sslCertificateId: arn:aws:iam::123456789012:server-certificate/certName\n healthCheck:\n healthyThreshold: 2\n unhealthyThreshold: 2\n timeout: 3\n target: HTTP:8000/\n interval: 30\n instances:\n - ${aws_instance.foo.id}\n crossZoneLoadBalancing: true\n idleTimeout: 400\n connectionDraining: true\n connectionDrainingTimeout: 400\n tags:\n Name: foobar-elb\n```\n{{% /example %}}\n{{% /examples %}}\n## Note on ECDSA Key Algorithm\n\nIf the ARN of the `ssl_certificate_id` that is pointed to references a\ncertificate that was signed by an ECDSA key, note that ELB only supports the\nP256 and P384 curves. Using a certificate signed by a key using a different\ncurve could produce the error `ERR_SSL_VERSION_OR_CIPHER_MISMATCH` in your\nbrowser.\n\n\n## Import\n\nUsing `pulumi import`, import ELBs using the `name`. For example:\n\n```sh\n $ pulumi import aws:elb/loadBalancer:LoadBalancer bar elb-production-12345\n```\n ", "properties": { "accessLogs": { "$ref": "#/types/aws:elb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", @@ -234332,7 +234332,7 @@ } }, "aws:emr/cluster:Cluster": { - "description": "Provides an Elastic MapReduce Cluster, a web service that makes it easy to process large amounts of data efficiently. See [Amazon Elastic MapReduce Documentation](https://aws.amazon.com/documentation/elastic-mapreduce/) for more information.\n\nTo configure [Instance Groups](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for [task nodes](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-task), see the `aws.emr.InstanceGroup` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cluster = new aws.emr.Cluster(\"cluster\", {\n releaseLabel: \"emr-4.6.0\",\n applications: [\"Spark\"],\n additionalInfo: `{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n`,\n terminationProtection: false,\n keepJobFlowAliveWhenNoSteps: true,\n ec2Attributes: {\n subnetId: aws_subnet.main.id,\n emrManagedMasterSecurityGroup: aws_security_group.sg.id,\n emrManagedSlaveSecurityGroup: aws_security_group.sg.id,\n instanceProfile: aws_iam_instance_profile.emr_profile.arn,\n },\n masterInstanceGroup: {\n instanceType: \"m4.large\",\n },\n coreInstanceGroup: {\n instanceType: \"c4.large\",\n instanceCount: 1,\n ebsConfigs: [{\n size: 40,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n bidPrice: \"0.30\",\n autoscalingPolicy: `{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n`,\n },\n ebsRootVolumeSize: 100,\n tags: {\n role: \"rolename\",\n env: \"env\",\n },\n bootstrapActions: [{\n path: \"s3://elasticmapreduce/bootstrap-actions/run-if\",\n name: \"runif\",\n args: [\n \"instance.isMaster=true\",\n \"echo running on master node\",\n ],\n }],\n configurationsJson: ` [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n`,\n serviceRole: aws_iam_role.iam_emr_service_role.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncluster = aws.emr.Cluster(\"cluster\",\n release_label=\"emr-4.6.0\",\n applications=[\"Spark\"],\n additional_info=\"\"\"{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n\"\"\",\n termination_protection=False,\n keep_job_flow_alive_when_no_steps=True,\n ec2_attributes=aws.emr.ClusterEc2AttributesArgs(\n subnet_id=aws_subnet[\"main\"][\"id\"],\n emr_managed_master_security_group=aws_security_group[\"sg\"][\"id\"],\n emr_managed_slave_security_group=aws_security_group[\"sg\"][\"id\"],\n instance_profile=aws_iam_instance_profile[\"emr_profile\"][\"arn\"],\n ),\n master_instance_group=aws.emr.ClusterMasterInstanceGroupArgs(\n instance_type=\"m4.large\",\n ),\n core_instance_group=aws.emr.ClusterCoreInstanceGroupArgs(\n instance_type=\"c4.large\",\n instance_count=1,\n ebs_configs=[aws.emr.ClusterCoreInstanceGroupEbsConfigArgs(\n size=40,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n bid_price=\"0.30\",\n autoscaling_policy=\"\"\"{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n\"\"\",\n ),\n ebs_root_volume_size=100,\n tags={\n \"role\": \"rolename\",\n \"env\": \"env\",\n },\n bootstrap_actions=[aws.emr.ClusterBootstrapActionArgs(\n path=\"s3://elasticmapreduce/bootstrap-actions/run-if\",\n name=\"runif\",\n args=[\n \"instance.isMaster=true\",\n \"echo running on master node\",\n ],\n )],\n configurations_json=\"\"\" [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n\"\"\",\n service_role=aws_iam_role[\"iam_emr_service_role\"][\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cluster = new Aws.Emr.Cluster(\"cluster\", new()\n {\n ReleaseLabel = \"emr-4.6.0\",\n Applications = new[]\n {\n \"Spark\",\n },\n AdditionalInfo = @\"{\n \"\"instanceAwsClientConfiguration\"\": {\n \"\"proxyPort\"\": 8099,\n \"\"proxyHost\"\": \"\"myproxy.example.com\"\"\n }\n}\n\",\n TerminationProtection = false,\n KeepJobFlowAliveWhenNoSteps = true,\n Ec2Attributes = new Aws.Emr.Inputs.ClusterEc2AttributesArgs\n {\n SubnetId = aws_subnet.Main.Id,\n EmrManagedMasterSecurityGroup = aws_security_group.Sg.Id,\n EmrManagedSlaveSecurityGroup = aws_security_group.Sg.Id,\n InstanceProfile = aws_iam_instance_profile.Emr_profile.Arn,\n },\n MasterInstanceGroup = new Aws.Emr.Inputs.ClusterMasterInstanceGroupArgs\n {\n InstanceType = \"m4.large\",\n },\n CoreInstanceGroup = new Aws.Emr.Inputs.ClusterCoreInstanceGroupArgs\n {\n InstanceType = \"c4.large\",\n InstanceCount = 1,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceGroupEbsConfigArgs\n {\n Size = 40,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n BidPrice = \"0.30\",\n AutoscalingPolicy = @\"{\n\"\"Constraints\"\": {\n \"\"MinCapacity\"\": 1,\n \"\"MaxCapacity\"\": 2\n},\n\"\"Rules\"\": [\n {\n \"\"Name\"\": \"\"ScaleOutMemoryPercentage\"\",\n \"\"Description\"\": \"\"Scale out if YARNMemoryAvailablePercentage is less than 15\"\",\n \"\"Action\"\": {\n \"\"SimpleScalingPolicyConfiguration\"\": {\n \"\"AdjustmentType\"\": \"\"CHANGE_IN_CAPACITY\"\",\n \"\"ScalingAdjustment\"\": 1,\n \"\"CoolDown\"\": 300\n }\n },\n \"\"Trigger\"\": {\n \"\"CloudWatchAlarmDefinition\"\": {\n \"\"ComparisonOperator\"\": \"\"LESS_THAN\"\",\n \"\"EvaluationPeriods\"\": 1,\n \"\"MetricName\"\": \"\"YARNMemoryAvailablePercentage\"\",\n \"\"Namespace\"\": \"\"AWS/ElasticMapReduce\"\",\n \"\"Period\"\": 300,\n \"\"Statistic\"\": \"\"AVERAGE\"\",\n \"\"Threshold\"\": 15.0,\n \"\"Unit\"\": \"\"PERCENT\"\"\n }\n }\n }\n]\n}\n\",\n },\n EbsRootVolumeSize = 100,\n Tags = \n {\n { \"role\", \"rolename\" },\n { \"env\", \"env\" },\n },\n BootstrapActions = new[]\n {\n new Aws.Emr.Inputs.ClusterBootstrapActionArgs\n {\n Path = \"s3://elasticmapreduce/bootstrap-actions/run-if\",\n Name = \"runif\",\n Args = new[]\n {\n \"instance.isMaster=true\",\n \"echo running on master node\",\n },\n },\n },\n ConfigurationsJson = @\" [\n {\n \"\"Classification\"\": \"\"hadoop-env\"\",\n \"\"Configurations\"\": [\n {\n \"\"Classification\"\": \"\"export\"\",\n \"\"Properties\"\": {\n \"\"JAVA_HOME\"\": \"\"/usr/lib/jvm/java-1.8.0\"\"\n }\n }\n ],\n \"\"Properties\"\": {}\n },\n {\n \"\"Classification\"\": \"\"spark-env\"\",\n \"\"Configurations\"\": [\n {\n \"\"Classification\"\": \"\"export\"\",\n \"\"Properties\"\": {\n \"\"JAVA_HOME\"\": \"\"/usr/lib/jvm/java-1.8.0\"\"\n }\n }\n ],\n \"\"Properties\"\": {}\n }\n ]\n\",\n ServiceRole = aws_iam_role.Iam_emr_service_role.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := emr.NewCluster(ctx, \"cluster\", \u0026emr.ClusterArgs{\n\t\t\tReleaseLabel: pulumi.String(\"emr-4.6.0\"),\n\t\t\tApplications: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Spark\"),\n\t\t\t},\n\t\t\tAdditionalInfo: pulumi.String(`{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n`),\n\t\t\tTerminationProtection: pulumi.Bool(false),\n\t\t\tKeepJobFlowAliveWhenNoSteps: pulumi.Bool(true),\n\t\t\tEc2Attributes: \u0026emr.ClusterEc2AttributesArgs{\n\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Main.Id),\n\t\t\t\tEmrManagedMasterSecurityGroup: pulumi.Any(aws_security_group.Sg.Id),\n\t\t\t\tEmrManagedSlaveSecurityGroup: pulumi.Any(aws_security_group.Sg.Id),\n\t\t\t\tInstanceProfile: pulumi.Any(aws_iam_instance_profile.Emr_profile.Arn),\n\t\t\t},\n\t\t\tMasterInstanceGroup: \u0026emr.ClusterMasterInstanceGroupArgs{\n\t\t\t\tInstanceType: pulumi.String(\"m4.large\"),\n\t\t\t},\n\t\t\tCoreInstanceGroup: \u0026emr.ClusterCoreInstanceGroupArgs{\n\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\tInstanceCount: pulumi.Int(1),\n\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceGroupEbsConfigArray{\n\t\t\t\t\t\u0026emr.ClusterCoreInstanceGroupEbsConfigArgs{\n\t\t\t\t\t\tSize: pulumi.Int(40),\n\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tBidPrice: pulumi.String(\"0.30\"),\n\t\t\t\tAutoscalingPolicy: pulumi.String(`{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n`),\n\t\t\t},\n\t\t\tEbsRootVolumeSize: pulumi.Int(100),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"role\": pulumi.String(\"rolename\"),\n\t\t\t\t\"env\": pulumi.String(\"env\"),\n\t\t\t},\n\t\t\tBootstrapActions: emr.ClusterBootstrapActionArray{\n\t\t\t\t\u0026emr.ClusterBootstrapActionArgs{\n\t\t\t\t\tPath: pulumi.String(\"s3://elasticmapreduce/bootstrap-actions/run-if\"),\n\t\t\t\t\tName: pulumi.String(\"runif\"),\n\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"instance.isMaster=true\"),\n\t\t\t\t\t\tpulumi.String(\"echo running on master node\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConfigurationsJson: pulumi.String(` [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n`),\n\t\t\tServiceRole: pulumi.Any(aws_iam_role.Iam_emr_service_role.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.emr.Cluster;\nimport com.pulumi.aws.emr.ClusterArgs;\nimport com.pulumi.aws.emr.inputs.ClusterEc2AttributesArgs;\nimport com.pulumi.aws.emr.inputs.ClusterMasterInstanceGroupArgs;\nimport com.pulumi.aws.emr.inputs.ClusterCoreInstanceGroupArgs;\nimport com.pulumi.aws.emr.inputs.ClusterBootstrapActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cluster = new Cluster(\"cluster\", ClusterArgs.builder() \n .releaseLabel(\"emr-4.6.0\")\n .applications(\"Spark\")\n .additionalInfo(\"\"\"\n{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n \"\"\")\n .terminationProtection(false)\n .keepJobFlowAliveWhenNoSteps(true)\n .ec2Attributes(ClusterEc2AttributesArgs.builder()\n .subnetId(aws_subnet.main().id())\n .emrManagedMasterSecurityGroup(aws_security_group.sg().id())\n .emrManagedSlaveSecurityGroup(aws_security_group.sg().id())\n .instanceProfile(aws_iam_instance_profile.emr_profile().arn())\n .build())\n .masterInstanceGroup(ClusterMasterInstanceGroupArgs.builder()\n .instanceType(\"m4.large\")\n .build())\n .coreInstanceGroup(ClusterCoreInstanceGroupArgs.builder()\n .instanceType(\"c4.large\")\n .instanceCount(1)\n .ebsConfigs(ClusterCoreInstanceGroupEbsConfigArgs.builder()\n .size(\"40\")\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .bidPrice(\"0.30\")\n .autoscalingPolicy(\"\"\"\n{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n \"\"\")\n .build())\n .ebsRootVolumeSize(100)\n .tags(Map.ofEntries(\n Map.entry(\"role\", \"rolename\"),\n Map.entry(\"env\", \"env\")\n ))\n .bootstrapActions(ClusterBootstrapActionArgs.builder()\n .path(\"s3://elasticmapreduce/bootstrap-actions/run-if\")\n .name(\"runif\")\n .args( \n \"instance.isMaster=true\",\n \"echo running on master node\")\n .build())\n .configurationsJson(\"\"\"\n [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n \"\"\")\n .serviceRole(aws_iam_role.iam_emr_service_role().arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster:\n type: aws:emr:Cluster\n properties:\n releaseLabel: emr-4.6.0\n applications:\n - Spark\n additionalInfo: |\n {\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n }\n terminationProtection: false\n keepJobFlowAliveWhenNoSteps: true\n ec2Attributes:\n subnetId: ${aws_subnet.main.id}\n emrManagedMasterSecurityGroup: ${aws_security_group.sg.id}\n emrManagedSlaveSecurityGroup: ${aws_security_group.sg.id}\n instanceProfile: ${aws_iam_instance_profile.emr_profile.arn}\n masterInstanceGroup:\n instanceType: m4.large\n coreInstanceGroup:\n instanceType: c4.large\n instanceCount: 1\n ebsConfigs:\n - size: '40'\n type: gp2\n volumesPerInstance: 1\n bidPrice: '0.30'\n autoscalingPolicy: |\n {\n \"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n },\n \"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n ]\n }\n ebsRootVolumeSize: 100\n tags:\n role: rolename\n env: env\n bootstrapActions:\n - path: s3://elasticmapreduce/bootstrap-actions/run-if\n name: runif\n args:\n - instance.isMaster=true\n - echo running on master node\n configurationsJson: |2\n [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n serviceRole: ${aws_iam_role.iam_emr_service_role.arn}\n```\n\nThe `aws.emr.Cluster` resource typically requires two IAM roles, one for the EMR Cluster to use as a service role, and another is assigned to every EC2 instance in a cluster and each application process that runs on a cluster assumes this role for permissions to interact with other AWS services. An additional role, the Auto Scaling role, is required if your cluster uses automatic scaling in Amazon EMR.\n\nThe default AWS managed EMR service role is called `EMR_DefaultRole` with Amazon managed policy `AmazonEMRServicePolicy_v2` attached. The name of default instance profile role is `EMR_EC2_DefaultRole` with default managed policy `AmazonElasticMapReduceforEC2Role` attached, but it is on the path to deprecation and will not be replaced with another default managed policy. You'll need to create and specify an instance profile to replace the deprecated role and default policy. See the [Configure IAM service roles for Amazon EMR](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-iam-roles.html) guide for more information on these IAM roles. There is also a fully-bootable example Pulumi configuration at the bottom of this page.\n{{% /example %}}\n{{% example %}}\n### Instance Fleet\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.emr.Cluster(\"example\", {\n masterInstanceFleet: {\n instanceTypeConfigs: [{\n instanceType: \"m4.xlarge\",\n }],\n targetOnDemandCapacity: 1,\n },\n coreInstanceFleet: {\n instanceTypeConfigs: [\n {\n bidPriceAsPercentageOfOnDemandPrice: 80,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m3.xlarge\",\n weightedCapacity: 1,\n },\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.xlarge\",\n weightedCapacity: 1,\n },\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.2xlarge\",\n weightedCapacity: 2,\n },\n ],\n launchSpecifications: {\n spotSpecifications: [{\n allocationStrategy: \"capacity-optimized\",\n blockDurationMinutes: 0,\n timeoutAction: \"SWITCH_TO_ON_DEMAND\",\n timeoutDurationMinutes: 10,\n }],\n },\n name: \"core fleet\",\n targetOnDemandCapacity: 2,\n targetSpotCapacity: 2,\n },\n});\nconst task = new aws.emr.InstanceFleet(\"task\", {\n clusterId: example.id,\n instanceTypeConfigs: [\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.xlarge\",\n weightedCapacity: 1,\n },\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.2xlarge\",\n weightedCapacity: 2,\n },\n ],\n launchSpecifications: {\n spotSpecifications: [{\n allocationStrategy: \"capacity-optimized\",\n blockDurationMinutes: 0,\n timeoutAction: \"TERMINATE_CLUSTER\",\n timeoutDurationMinutes: 10,\n }],\n },\n targetOnDemandCapacity: 1,\n targetSpotCapacity: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.emr.Cluster(\"example\",\n master_instance_fleet=aws.emr.ClusterMasterInstanceFleetArgs(\n instance_type_configs=[aws.emr.ClusterMasterInstanceFleetInstanceTypeConfigArgs(\n instance_type=\"m4.xlarge\",\n )],\n target_on_demand_capacity=1,\n ),\n core_instance_fleet=aws.emr.ClusterCoreInstanceFleetArgs(\n instance_type_configs=[\n aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=80,\n ebs_configs=[aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m3.xlarge\",\n weighted_capacity=1,\n ),\n aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.xlarge\",\n weighted_capacity=1,\n ),\n aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.2xlarge\",\n weighted_capacity=2,\n ),\n ],\n launch_specifications=aws.emr.ClusterCoreInstanceFleetLaunchSpecificationsArgs(\n spot_specifications=[aws.emr.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs(\n allocation_strategy=\"capacity-optimized\",\n block_duration_minutes=0,\n timeout_action=\"SWITCH_TO_ON_DEMAND\",\n timeout_duration_minutes=10,\n )],\n ),\n name=\"core fleet\",\n target_on_demand_capacity=2,\n target_spot_capacity=2,\n ))\ntask = aws.emr.InstanceFleet(\"task\",\n cluster_id=example.id,\n instance_type_configs=[\n aws.emr.InstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.InstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.xlarge\",\n weighted_capacity=1,\n ),\n aws.emr.InstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.InstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.2xlarge\",\n weighted_capacity=2,\n ),\n ],\n launch_specifications=aws.emr.InstanceFleetLaunchSpecificationsArgs(\n spot_specifications=[aws.emr.InstanceFleetLaunchSpecificationsSpotSpecificationArgs(\n allocation_strategy=\"capacity-optimized\",\n block_duration_minutes=0,\n timeout_action=\"TERMINATE_CLUSTER\",\n timeout_duration_minutes=10,\n )],\n ),\n target_on_demand_capacity=1,\n target_spot_capacity=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Emr.Cluster(\"example\", new()\n {\n MasterInstanceFleet = new Aws.Emr.Inputs.ClusterMasterInstanceFleetArgs\n {\n InstanceTypeConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterMasterInstanceFleetInstanceTypeConfigArgs\n {\n InstanceType = \"m4.xlarge\",\n },\n },\n TargetOnDemandCapacity = 1,\n },\n CoreInstanceFleet = new Aws.Emr.Inputs.ClusterCoreInstanceFleetArgs\n {\n InstanceTypeConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 80,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m3.xlarge\",\n WeightedCapacity = 1,\n },\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.xlarge\",\n WeightedCapacity = 1,\n },\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.2xlarge\",\n WeightedCapacity = 2,\n },\n },\n LaunchSpecifications = new Aws.Emr.Inputs.ClusterCoreInstanceFleetLaunchSpecificationsArgs\n {\n SpotSpecifications = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs\n {\n AllocationStrategy = \"capacity-optimized\",\n BlockDurationMinutes = 0,\n TimeoutAction = \"SWITCH_TO_ON_DEMAND\",\n TimeoutDurationMinutes = 10,\n },\n },\n },\n Name = \"core fleet\",\n TargetOnDemandCapacity = 2,\n TargetSpotCapacity = 2,\n },\n });\n\n var task = new Aws.Emr.InstanceFleet(\"task\", new()\n {\n ClusterId = example.Id,\n InstanceTypeConfigs = new[]\n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.xlarge\",\n WeightedCapacity = 1,\n },\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.2xlarge\",\n WeightedCapacity = 2,\n },\n },\n LaunchSpecifications = new Aws.Emr.Inputs.InstanceFleetLaunchSpecificationsArgs\n {\n SpotSpecifications = new[]\n {\n new Aws.Emr.Inputs.InstanceFleetLaunchSpecificationsSpotSpecificationArgs\n {\n AllocationStrategy = \"capacity-optimized\",\n BlockDurationMinutes = 0,\n TimeoutAction = \"TERMINATE_CLUSTER\",\n TimeoutDurationMinutes = 10,\n },\n },\n },\n TargetOnDemandCapacity = 1,\n TargetSpotCapacity = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := emr.NewCluster(ctx, \"example\", \u0026emr.ClusterArgs{\n\t\t\tMasterInstanceFleet: \u0026emr.ClusterMasterInstanceFleetArgs{\n\t\t\t\tInstanceTypeConfigs: emr.ClusterMasterInstanceFleetInstanceTypeConfigArray{\n\t\t\t\t\t\u0026emr.ClusterMasterInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m4.xlarge\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetOnDemandCapacity: pulumi.Int(1),\n\t\t\t},\n\t\t\tCoreInstanceFleet: \u0026emr.ClusterCoreInstanceFleetArgs{\n\t\t\t\tInstanceTypeConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigArray{\n\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(80),\n\t\t\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m3.xlarge\"),\n\t\t\t\t\t\tWeightedCapacity: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m4.xlarge\"),\n\t\t\t\t\t\tWeightedCapacity: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m4.2xlarge\"),\n\t\t\t\t\t\tWeightedCapacity: pulumi.Int(2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tLaunchSpecifications: \u0026emr.ClusterCoreInstanceFleetLaunchSpecificationsArgs{\n\t\t\t\t\tSpotSpecifications: emr.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArray{\n\t\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs{\n\t\t\t\t\t\t\tAllocationStrategy: pulumi.String(\"capacity-optimized\"),\n\t\t\t\t\t\t\tBlockDurationMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tTimeoutAction: pulumi.String(\"SWITCH_TO_ON_DEMAND\"),\n\t\t\t\t\t\t\tTimeoutDurationMinutes: pulumi.Int(10),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tName: pulumi.String(\"core fleet\"),\n\t\t\t\tTargetOnDemandCapacity: pulumi.Int(2),\n\t\t\t\tTargetSpotCapacity: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = emr.NewInstanceFleet(ctx, \"task\", \u0026emr.InstanceFleetArgs{\n\t\t\tClusterId: example.ID(),\n\t\t\tInstanceTypeConfigs: emr.InstanceFleetInstanceTypeConfigArray{\n\t\t\t\t\u0026emr.InstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\tEbsConfigs: emr.InstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\u0026emr.InstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.xlarge\"),\n\t\t\t\t\tWeightedCapacity: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\t\u0026emr.InstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\tEbsConfigs: emr.InstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\u0026emr.InstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.2xlarge\"),\n\t\t\t\t\tWeightedCapacity: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLaunchSpecifications: \u0026emr.InstanceFleetLaunchSpecificationsArgs{\n\t\t\t\tSpotSpecifications: emr.InstanceFleetLaunchSpecificationsSpotSpecificationArray{\n\t\t\t\t\t\u0026emr.InstanceFleetLaunchSpecificationsSpotSpecificationArgs{\n\t\t\t\t\t\tAllocationStrategy: pulumi.String(\"capacity-optimized\"),\n\t\t\t\t\t\tBlockDurationMinutes: pulumi.Int(0),\n\t\t\t\t\t\tTimeoutAction: pulumi.String(\"TERMINATE_CLUSTER\"),\n\t\t\t\t\t\tTimeoutDurationMinutes: pulumi.Int(10),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetOnDemandCapacity: pulumi.Int(1),\n\t\t\tTargetSpotCapacity: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.emr.Cluster;\nimport com.pulumi.aws.emr.ClusterArgs;\nimport com.pulumi.aws.emr.inputs.ClusterMasterInstanceFleetArgs;\nimport com.pulumi.aws.emr.inputs.ClusterCoreInstanceFleetArgs;\nimport com.pulumi.aws.emr.inputs.ClusterCoreInstanceFleetLaunchSpecificationsArgs;\nimport com.pulumi.aws.emr.InstanceFleet;\nimport com.pulumi.aws.emr.InstanceFleetArgs;\nimport com.pulumi.aws.emr.inputs.InstanceFleetInstanceTypeConfigArgs;\nimport com.pulumi.aws.emr.inputs.InstanceFleetLaunchSpecificationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .masterInstanceFleet(ClusterMasterInstanceFleetArgs.builder()\n .instanceTypeConfigs(ClusterMasterInstanceFleetInstanceTypeConfigArgs.builder()\n .instanceType(\"m4.xlarge\")\n .build())\n .targetOnDemandCapacity(1)\n .build())\n .coreInstanceFleet(ClusterCoreInstanceFleetArgs.builder()\n .instanceTypeConfigs( \n ClusterCoreInstanceFleetInstanceTypeConfigArgs.builder()\n .bidPriceAsPercentageOfOnDemandPrice(80)\n .ebsConfigs(ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs.builder()\n .size(100)\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .instanceType(\"m3.xlarge\")\n .weightedCapacity(1)\n .build(),\n ClusterCoreInstanceFleetInstanceTypeConfigArgs.builder()\n .bidPriceAsPercentageOfOnDemandPrice(100)\n .ebsConfigs(ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs.builder()\n .size(100)\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .instanceType(\"m4.xlarge\")\n .weightedCapacity(1)\n .build(),\n ClusterCoreInstanceFleetInstanceTypeConfigArgs.builder()\n .bidPriceAsPercentageOfOnDemandPrice(100)\n .ebsConfigs(ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs.builder()\n .size(100)\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .instanceType(\"m4.2xlarge\")\n .weightedCapacity(2)\n .build())\n .launchSpecifications(ClusterCoreInstanceFleetLaunchSpecificationsArgs.builder()\n .spotSpecifications(ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs.builder()\n .allocationStrategy(\"capacity-optimized\")\n .blockDurationMinutes(0)\n .timeoutAction(\"SWITCH_TO_ON_DEMAND\")\n .timeoutDurationMinutes(10)\n .build())\n .build())\n .name(\"core fleet\")\n .targetOnDemandCapacity(2)\n .targetSpotCapacity(2)\n .build())\n .build());\n\n var task = new InstanceFleet(\"task\", InstanceFleetArgs.builder() \n .clusterId(example.id())\n .instanceTypeConfigs( \n InstanceFleetInstanceTypeConfigArgs.builder()\n .bidPriceAsPercentageOfOnDemandPrice(100)\n .ebsConfigs(InstanceFleetInstanceTypeConfigEbsConfigArgs.builder()\n .size(100)\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .instanceType(\"m4.xlarge\")\n .weightedCapacity(1)\n .build(),\n InstanceFleetInstanceTypeConfigArgs.builder()\n .bidPriceAsPercentageOfOnDemandPrice(100)\n .ebsConfigs(InstanceFleetInstanceTypeConfigEbsConfigArgs.builder()\n .size(100)\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .instanceType(\"m4.2xlarge\")\n .weightedCapacity(2)\n .build())\n .launchSpecifications(InstanceFleetLaunchSpecificationsArgs.builder()\n .spotSpecifications(InstanceFleetLaunchSpecificationsSpotSpecificationArgs.builder()\n .allocationStrategy(\"capacity-optimized\")\n .blockDurationMinutes(0)\n .timeoutAction(\"TERMINATE_CLUSTER\")\n .timeoutDurationMinutes(10)\n .build())\n .build())\n .targetOnDemandCapacity(1)\n .targetSpotCapacity(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:emr:Cluster\n properties:\n masterInstanceFleet:\n instanceTypeConfigs:\n - instanceType: m4.xlarge\n targetOnDemandCapacity: 1\n coreInstanceFleet:\n instanceTypeConfigs:\n - bidPriceAsPercentageOfOnDemandPrice: 80\n ebsConfigs:\n - size: 100\n type: gp2\n volumesPerInstance: 1\n instanceType: m3.xlarge\n weightedCapacity: 1\n - bidPriceAsPercentageOfOnDemandPrice: 100\n ebsConfigs:\n - size: 100\n type: gp2\n volumesPerInstance: 1\n instanceType: m4.xlarge\n weightedCapacity: 1\n - bidPriceAsPercentageOfOnDemandPrice: 100\n ebsConfigs:\n - size: 100\n type: gp2\n volumesPerInstance: 1\n instanceType: m4.2xlarge\n weightedCapacity: 2\n launchSpecifications:\n spotSpecifications:\n - allocationStrategy: capacity-optimized\n blockDurationMinutes: 0\n timeoutAction: SWITCH_TO_ON_DEMAND\n timeoutDurationMinutes: 10\n name: core fleet\n targetOnDemandCapacity: 2\n targetSpotCapacity: 2\n task:\n type: aws:emr:InstanceFleet\n properties:\n clusterId: ${example.id}\n instanceTypeConfigs:\n - bidPriceAsPercentageOfOnDemandPrice: 100\n ebsConfigs:\n - size: 100\n type: gp2\n volumesPerInstance: 1\n instanceType: m4.xlarge\n weightedCapacity: 1\n - bidPriceAsPercentageOfOnDemandPrice: 100\n ebsConfigs:\n - size: 100\n type: gp2\n volumesPerInstance: 1\n instanceType: m4.2xlarge\n weightedCapacity: 2\n launchSpecifications:\n spotSpecifications:\n - allocationStrategy: capacity-optimized\n blockDurationMinutes: 0\n timeoutAction: TERMINATE_CLUSTER\n timeoutDurationMinutes: 10\n targetOnDemandCapacity: 1\n targetSpotCapacity: 1\n```\n{{% /example %}}\n{{% example %}}\n### Enable Debug Logging\n\n[Debug logging in EMR](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-debugging.html) is implemented as a step. It is highly recommended that you utilize the resource options configuration with `ignoreChanges` if other steps are being managed outside of this provider.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.emr.Cluster(\"example\", {steps: [{\n actionOnFailure: \"TERMINATE_CLUSTER\",\n name: \"Setup Hadoop Debugging\",\n hadoopJarStep: {\n jar: \"command-runner.jar\",\n args: [\"state-pusher-script\"],\n },\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.emr.Cluster(\"example\", steps=[aws.emr.ClusterStepArgs(\n action_on_failure=\"TERMINATE_CLUSTER\",\n name=\"Setup Hadoop Debugging\",\n hadoop_jar_step=aws.emr.ClusterStepHadoopJarStepArgs(\n jar=\"command-runner.jar\",\n args=[\"state-pusher-script\"],\n ),\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var example = new Aws.Emr.Cluster(\"example\", new()\n {\n Steps = new[]\n {\n new Aws.Emr.Inputs.ClusterStepArgs\n {\n ActionOnFailure = \"TERMINATE_CLUSTER\",\n Name = \"Setup Hadoop Debugging\",\n HadoopJarStep = new Aws.Emr.Inputs.ClusterStepHadoopJarStepArgs\n {\n Jar = \"command-runner.jar\",\n Args = new[]\n {\n \"state-pusher-script\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := emr.NewCluster(ctx, \"example\", \u0026emr.ClusterArgs{\n\t\t\tSteps: emr.ClusterStepArray{\n\t\t\t\t\u0026emr.ClusterStepArgs{\n\t\t\t\t\tActionOnFailure: pulumi.String(\"TERMINATE_CLUSTER\"),\n\t\t\t\t\tName: pulumi.String(\"Setup Hadoop Debugging\"),\n\t\t\t\t\tHadoopJarStep: \u0026emr.ClusterStepHadoopJarStepArgs{\n\t\t\t\t\t\tJar: pulumi.String(\"command-runner.jar\"),\n\t\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"state-pusher-script\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.emr.Cluster;\nimport com.pulumi.aws.emr.ClusterArgs;\nimport com.pulumi.aws.emr.inputs.ClusterStepArgs;\nimport com.pulumi.aws.emr.inputs.ClusterStepHadoopJarStepArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .steps(ClusterStepArgs.builder()\n .actionOnFailure(\"TERMINATE_CLUSTER\")\n .name(\"Setup Hadoop Debugging\")\n .hadoopJarStep(ClusterStepHadoopJarStepArgs.builder()\n .jar(\"command-runner.jar\")\n .args(\"state-pusher-script\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:emr:Cluster\n properties:\n steps:\n - actionOnFailure: TERMINATE_CLUSTER\n name: Setup Hadoop Debugging\n hadoopJarStep:\n jar: command-runner.jar\n args:\n - state-pusher-script\n```\n{{% /example %}}\n{{% example %}}\n### Multiple Node Master Instance Group\n\nAvailable in EMR version 5.23.0 and later, an EMR Cluster can be launched with three master nodes for high availability. Additional information about this functionality and its requirements can be found in the [EMR Management Guide](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-ha.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// This configuration is for illustrative purposes and highlights\n// only relevant configurations for working with this functionality.\n// Map public IP on launch must be enabled for public (Internet accessible) subnets\n// ... other configuration ...\nconst exampleSubnet = new aws.ec2.Subnet(\"exampleSubnet\", {mapPublicIpOnLaunch: true});\n// ... other configuration ...\nconst exampleCluster = new aws.emr.Cluster(\"exampleCluster\", {\n releaseLabel: \"emr-5.24.1\",\n terminationProtection: true,\n ec2Attributes: {\n subnetId: exampleSubnet.id,\n },\n masterInstanceGroup: {\n instanceCount: 3,\n },\n coreInstanceGroup: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# This configuration is for illustrative purposes and highlights\n# only relevant configurations for working with this functionality.\n# Map public IP on launch must be enabled for public (Internet accessible) subnets\n# ... other configuration ...\nexample_subnet = aws.ec2.Subnet(\"exampleSubnet\", map_public_ip_on_launch=True)\n# ... other configuration ...\nexample_cluster = aws.emr.Cluster(\"exampleCluster\",\n release_label=\"emr-5.24.1\",\n termination_protection=True,\n ec2_attributes=aws.emr.ClusterEc2AttributesArgs(\n subnet_id=example_subnet.id,\n ),\n master_instance_group=aws.emr.ClusterMasterInstanceGroupArgs(\n instance_count=3,\n ),\n core_instance_group=aws.emr.ClusterCoreInstanceGroupArgs())\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // This configuration is for illustrative purposes and highlights\n // only relevant configurations for working with this functionality.\n // Map public IP on launch must be enabled for public (Internet accessible) subnets\n // ... other configuration ...\n var exampleSubnet = new Aws.Ec2.Subnet(\"exampleSubnet\", new()\n {\n MapPublicIpOnLaunch = true,\n });\n\n // ... other configuration ...\n var exampleCluster = new Aws.Emr.Cluster(\"exampleCluster\", new()\n {\n ReleaseLabel = \"emr-5.24.1\",\n TerminationProtection = true,\n Ec2Attributes = new Aws.Emr.Inputs.ClusterEc2AttributesArgs\n {\n SubnetId = exampleSubnet.Id,\n },\n MasterInstanceGroup = new Aws.Emr.Inputs.ClusterMasterInstanceGroupArgs\n {\n InstanceCount = 3,\n },\n CoreInstanceGroup = null,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleSubnet, err := ec2.NewSubnet(ctx, \"exampleSubnet\", \u0026ec2.SubnetArgs{\n\t\t\tMapPublicIpOnLaunch: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = emr.NewCluster(ctx, \"exampleCluster\", \u0026emr.ClusterArgs{\n\t\t\tReleaseLabel: pulumi.String(\"emr-5.24.1\"),\n\t\t\tTerminationProtection: pulumi.Bool(true),\n\t\t\tEc2Attributes: \u0026emr.ClusterEc2AttributesArgs{\n\t\t\t\tSubnetId: exampleSubnet.ID(),\n\t\t\t},\n\t\t\tMasterInstanceGroup: \u0026emr.ClusterMasterInstanceGroupArgs{\n\t\t\t\tInstanceCount: pulumi.Int(3),\n\t\t\t},\n\t\t\tCoreInstanceGroup: nil,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.emr.Cluster;\nimport com.pulumi.aws.emr.ClusterArgs;\nimport com.pulumi.aws.emr.inputs.ClusterEc2AttributesArgs;\nimport com.pulumi.aws.emr.inputs.ClusterMasterInstanceGroupArgs;\nimport com.pulumi.aws.emr.inputs.ClusterCoreInstanceGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleSubnet = new Subnet(\"exampleSubnet\", SubnetArgs.builder() \n .mapPublicIpOnLaunch(true)\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .releaseLabel(\"emr-5.24.1\")\n .terminationProtection(true)\n .ec2Attributes(ClusterEc2AttributesArgs.builder()\n .subnetId(exampleSubnet.id())\n .build())\n .masterInstanceGroup(ClusterMasterInstanceGroupArgs.builder()\n .instanceCount(3)\n .build())\n .coreInstanceGroup()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # This configuration is for illustrative purposes and highlights\n # only relevant configurations for working with this functionality.\n\n # Map public IP on launch must be enabled for public (Internet accessible) subnets\n exampleSubnet:\n type: aws:ec2:Subnet\n properties:\n mapPublicIpOnLaunch: true\n exampleCluster:\n type: aws:emr:Cluster\n properties:\n # EMR version must be 5.23.0 or later\n releaseLabel: emr-5.24.1\n # Termination protection is automatically enabled for multiple masters\n # # To destroy the cluster, this must be configured to false and applied first\n terminationProtection: true\n ec2Attributes:\n subnetId: ${exampleSubnet.id}\n masterInstanceGroup:\n instanceCount: 3\n coreInstanceGroup: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import EMR clusters using the `id`. For example:\n\n```sh\n $ pulumi import aws:emr/cluster:Cluster cluster j-123456ABCDEF\n```\n Since the API does not return the actual values for Kerberos configurations, environments with those options set will need to use the `lifecycle` configuration block `ignore_changes` argument available to all Pulumi resources to prevent perpetual differences. For example:\n\n", + "description": "Provides an Elastic MapReduce Cluster, a web service that makes it easy to process large amounts of data efficiently. See [Amazon Elastic MapReduce Documentation](https://aws.amazon.com/documentation/elastic-mapreduce/) for more information.\n\nTo configure [Instance Groups](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for [task nodes](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-task), see the `aws.emr.InstanceGroup` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cluster = new aws.emr.Cluster(\"cluster\", {\n releaseLabel: \"emr-4.6.0\",\n applications: [\"Spark\"],\n additionalInfo: `{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n`,\n terminationProtection: false,\n keepJobFlowAliveWhenNoSteps: true,\n ec2Attributes: {\n subnetId: aws_subnet.main.id,\n emrManagedMasterSecurityGroup: aws_security_group.sg.id,\n emrManagedSlaveSecurityGroup: aws_security_group.sg.id,\n instanceProfile: aws_iam_instance_profile.emr_profile.arn,\n },\n masterInstanceGroup: {\n instanceType: \"m4.large\",\n },\n coreInstanceGroup: {\n instanceType: \"c4.large\",\n instanceCount: 1,\n ebsConfigs: [{\n size: 40,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n bidPrice: \"0.30\",\n autoscalingPolicy: `{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n`,\n },\n ebsRootVolumeSize: 100,\n tags: {\n role: \"rolename\",\n env: \"env\",\n },\n bootstrapActions: [{\n path: \"s3://elasticmapreduce/bootstrap-actions/run-if\",\n name: \"runif\",\n args: [\n \"instance.isMaster=true\",\n \"echo running on master node\",\n ],\n }],\n configurationsJson: ` [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n`,\n serviceRole: aws_iam_role.iam_emr_service_role.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncluster = aws.emr.Cluster(\"cluster\",\n release_label=\"emr-4.6.0\",\n applications=[\"Spark\"],\n additional_info=\"\"\"{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n\"\"\",\n termination_protection=False,\n keep_job_flow_alive_when_no_steps=True,\n ec2_attributes=aws.emr.ClusterEc2AttributesArgs(\n subnet_id=aws_subnet[\"main\"][\"id\"],\n emr_managed_master_security_group=aws_security_group[\"sg\"][\"id\"],\n emr_managed_slave_security_group=aws_security_group[\"sg\"][\"id\"],\n instance_profile=aws_iam_instance_profile[\"emr_profile\"][\"arn\"],\n ),\n master_instance_group=aws.emr.ClusterMasterInstanceGroupArgs(\n instance_type=\"m4.large\",\n ),\n core_instance_group=aws.emr.ClusterCoreInstanceGroupArgs(\n instance_type=\"c4.large\",\n instance_count=1,\n ebs_configs=[aws.emr.ClusterCoreInstanceGroupEbsConfigArgs(\n size=40,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n bid_price=\"0.30\",\n autoscaling_policy=\"\"\"{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n\"\"\",\n ),\n ebs_root_volume_size=100,\n tags={\n \"role\": \"rolename\",\n \"env\": \"env\",\n },\n bootstrap_actions=[aws.emr.ClusterBootstrapActionArgs(\n path=\"s3://elasticmapreduce/bootstrap-actions/run-if\",\n name=\"runif\",\n args=[\n \"instance.isMaster=true\",\n \"echo running on master node\",\n ],\n )],\n configurations_json=\"\"\" [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n\"\"\",\n service_role=aws_iam_role[\"iam_emr_service_role\"][\"arn\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var cluster = new Aws.Emr.Cluster(\"cluster\", new()\n {\n ReleaseLabel = \"emr-4.6.0\",\n Applications = new[]\n {\n \"Spark\",\n },\n AdditionalInfo = @\"{\n \"\"instanceAwsClientConfiguration\"\": {\n \"\"proxyPort\"\": 8099,\n \"\"proxyHost\"\": \"\"myproxy.example.com\"\"\n }\n}\n\",\n TerminationProtection = false,\n KeepJobFlowAliveWhenNoSteps = true,\n Ec2Attributes = new Aws.Emr.Inputs.ClusterEc2AttributesArgs\n {\n SubnetId = aws_subnet.Main.Id,\n EmrManagedMasterSecurityGroup = aws_security_group.Sg.Id,\n EmrManagedSlaveSecurityGroup = aws_security_group.Sg.Id,\n InstanceProfile = aws_iam_instance_profile.Emr_profile.Arn,\n },\n MasterInstanceGroup = new Aws.Emr.Inputs.ClusterMasterInstanceGroupArgs\n {\n InstanceType = \"m4.large\",\n },\n CoreInstanceGroup = new Aws.Emr.Inputs.ClusterCoreInstanceGroupArgs\n {\n InstanceType = \"c4.large\",\n InstanceCount = 1,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceGroupEbsConfigArgs\n {\n Size = 40,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n BidPrice = \"0.30\",\n AutoscalingPolicy = @\"{\n\"\"Constraints\"\": {\n \"\"MinCapacity\"\": 1,\n \"\"MaxCapacity\"\": 2\n},\n\"\"Rules\"\": [\n {\n \"\"Name\"\": \"\"ScaleOutMemoryPercentage\"\",\n \"\"Description\"\": \"\"Scale out if YARNMemoryAvailablePercentage is less than 15\"\",\n \"\"Action\"\": {\n \"\"SimpleScalingPolicyConfiguration\"\": {\n \"\"AdjustmentType\"\": \"\"CHANGE_IN_CAPACITY\"\",\n \"\"ScalingAdjustment\"\": 1,\n \"\"CoolDown\"\": 300\n }\n },\n \"\"Trigger\"\": {\n \"\"CloudWatchAlarmDefinition\"\": {\n \"\"ComparisonOperator\"\": \"\"LESS_THAN\"\",\n \"\"EvaluationPeriods\"\": 1,\n \"\"MetricName\"\": \"\"YARNMemoryAvailablePercentage\"\",\n \"\"Namespace\"\": \"\"AWS/ElasticMapReduce\"\",\n \"\"Period\"\": 300,\n \"\"Statistic\"\": \"\"AVERAGE\"\",\n \"\"Threshold\"\": 15.0,\n \"\"Unit\"\": \"\"PERCENT\"\"\n }\n }\n }\n]\n}\n\",\n },\n EbsRootVolumeSize = 100,\n Tags = \n {\n { \"role\", \"rolename\" },\n { \"env\", \"env\" },\n },\n BootstrapActions = new[]\n {\n new Aws.Emr.Inputs.ClusterBootstrapActionArgs\n {\n Path = \"s3://elasticmapreduce/bootstrap-actions/run-if\",\n Name = \"runif\",\n Args = new[]\n {\n \"instance.isMaster=true\",\n \"echo running on master node\",\n },\n },\n },\n ConfigurationsJson = @\" [\n {\n \"\"Classification\"\": \"\"hadoop-env\"\",\n \"\"Configurations\"\": [\n {\n \"\"Classification\"\": \"\"export\"\",\n \"\"Properties\"\": {\n \"\"JAVA_HOME\"\": \"\"/usr/lib/jvm/java-1.8.0\"\"\n }\n }\n ],\n \"\"Properties\"\": {}\n },\n {\n \"\"Classification\"\": \"\"spark-env\"\",\n \"\"Configurations\"\": [\n {\n \"\"Classification\"\": \"\"export\"\",\n \"\"Properties\"\": {\n \"\"JAVA_HOME\"\": \"\"/usr/lib/jvm/java-1.8.0\"\"\n }\n }\n ],\n \"\"Properties\"\": {}\n }\n ]\n\",\n ServiceRole = aws_iam_role.Iam_emr_service_role.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := emr.NewCluster(ctx, \"cluster\", \u0026emr.ClusterArgs{\n\t\t\tReleaseLabel: pulumi.String(\"emr-4.6.0\"),\n\t\t\tApplications: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Spark\"),\n\t\t\t},\n\t\t\tAdditionalInfo: pulumi.String(`{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n`),\n\t\t\tTerminationProtection: pulumi.Bool(false),\n\t\t\tKeepJobFlowAliveWhenNoSteps: pulumi.Bool(true),\n\t\t\tEc2Attributes: \u0026emr.ClusterEc2AttributesArgs{\n\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Main.Id),\n\t\t\t\tEmrManagedMasterSecurityGroup: pulumi.Any(aws_security_group.Sg.Id),\n\t\t\t\tEmrManagedSlaveSecurityGroup: pulumi.Any(aws_security_group.Sg.Id),\n\t\t\t\tInstanceProfile: pulumi.Any(aws_iam_instance_profile.Emr_profile.Arn),\n\t\t\t},\n\t\t\tMasterInstanceGroup: \u0026emr.ClusterMasterInstanceGroupArgs{\n\t\t\t\tInstanceType: pulumi.String(\"m4.large\"),\n\t\t\t},\n\t\t\tCoreInstanceGroup: \u0026emr.ClusterCoreInstanceGroupArgs{\n\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\tInstanceCount: pulumi.Int(1),\n\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceGroupEbsConfigArray{\n\t\t\t\t\t\u0026emr.ClusterCoreInstanceGroupEbsConfigArgs{\n\t\t\t\t\t\tSize: pulumi.Int(40),\n\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tBidPrice: pulumi.String(\"0.30\"),\n\t\t\t\tAutoscalingPolicy: pulumi.String(`{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n`),\n\t\t\t},\n\t\t\tEbsRootVolumeSize: pulumi.Int(100),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"role\": pulumi.String(\"rolename\"),\n\t\t\t\t\"env\": pulumi.String(\"env\"),\n\t\t\t},\n\t\t\tBootstrapActions: emr.ClusterBootstrapActionArray{\n\t\t\t\t\u0026emr.ClusterBootstrapActionArgs{\n\t\t\t\t\tPath: pulumi.String(\"s3://elasticmapreduce/bootstrap-actions/run-if\"),\n\t\t\t\t\tName: pulumi.String(\"runif\"),\n\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"instance.isMaster=true\"),\n\t\t\t\t\t\tpulumi.String(\"echo running on master node\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConfigurationsJson: pulumi.String(` [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n`),\n\t\t\tServiceRole: pulumi.Any(aws_iam_role.Iam_emr_service_role.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.emr.Cluster;\nimport com.pulumi.aws.emr.ClusterArgs;\nimport com.pulumi.aws.emr.inputs.ClusterEc2AttributesArgs;\nimport com.pulumi.aws.emr.inputs.ClusterMasterInstanceGroupArgs;\nimport com.pulumi.aws.emr.inputs.ClusterCoreInstanceGroupArgs;\nimport com.pulumi.aws.emr.inputs.ClusterBootstrapActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var cluster = new Cluster(\"cluster\", ClusterArgs.builder() \n .releaseLabel(\"emr-4.6.0\")\n .applications(\"Spark\")\n .additionalInfo(\"\"\"\n{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n \"\"\")\n .terminationProtection(false)\n .keepJobFlowAliveWhenNoSteps(true)\n .ec2Attributes(ClusterEc2AttributesArgs.builder()\n .subnetId(aws_subnet.main().id())\n .emrManagedMasterSecurityGroup(aws_security_group.sg().id())\n .emrManagedSlaveSecurityGroup(aws_security_group.sg().id())\n .instanceProfile(aws_iam_instance_profile.emr_profile().arn())\n .build())\n .masterInstanceGroup(ClusterMasterInstanceGroupArgs.builder()\n .instanceType(\"m4.large\")\n .build())\n .coreInstanceGroup(ClusterCoreInstanceGroupArgs.builder()\n .instanceType(\"c4.large\")\n .instanceCount(1)\n .ebsConfigs(ClusterCoreInstanceGroupEbsConfigArgs.builder()\n .size(\"40\")\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .bidPrice(\"0.30\")\n .autoscalingPolicy(\"\"\"\n{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n \"\"\")\n .build())\n .ebsRootVolumeSize(100)\n .tags(Map.ofEntries(\n Map.entry(\"role\", \"rolename\"),\n Map.entry(\"env\", \"env\")\n ))\n .bootstrapActions(ClusterBootstrapActionArgs.builder()\n .path(\"s3://elasticmapreduce/bootstrap-actions/run-if\")\n .name(\"runif\")\n .args( \n \"instance.isMaster=true\",\n \"echo running on master node\")\n .build())\n .configurationsJson(\"\"\"\n [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n \"\"\")\n .serviceRole(aws_iam_role.iam_emr_service_role().arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n cluster:\n type: aws:emr:Cluster\n properties:\n releaseLabel: emr-4.6.0\n applications:\n - Spark\n additionalInfo: |\n {\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n }\n terminationProtection: false\n keepJobFlowAliveWhenNoSteps: true\n ec2Attributes:\n subnetId: ${aws_subnet.main.id}\n emrManagedMasterSecurityGroup: ${aws_security_group.sg.id}\n emrManagedSlaveSecurityGroup: ${aws_security_group.sg.id}\n instanceProfile: ${aws_iam_instance_profile.emr_profile.arn}\n masterInstanceGroup:\n instanceType: m4.large\n coreInstanceGroup:\n instanceType: c4.large\n instanceCount: 1\n ebsConfigs:\n - size: '40'\n type: gp2\n volumesPerInstance: 1\n bidPrice: '0.30'\n autoscalingPolicy: |\n {\n \"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n },\n \"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n ]\n }\n ebsRootVolumeSize: 100\n tags:\n role: rolename\n env: env\n bootstrapActions:\n - path: s3://elasticmapreduce/bootstrap-actions/run-if\n name: runif\n args:\n - instance.isMaster=true\n - echo running on master node\n configurationsJson: |2\n [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n serviceRole: ${aws_iam_role.iam_emr_service_role.arn}\n```\n\nThe `aws.emr.Cluster` resource typically requires two IAM roles, one for the EMR Cluster to use as a service role, and another is assigned to every EC2 instance in a cluster and each application process that runs on a cluster assumes this role for permissions to interact with other AWS services. An additional role, the Auto Scaling role, is required if your cluster uses automatic scaling in Amazon EMR.\n\nThe default AWS managed EMR service role is called `EMR_DefaultRole` with Amazon managed policy `AmazonEMRServicePolicy_v2` attached. The name of default instance profile role is `EMR_EC2_DefaultRole` with default managed policy `AmazonElasticMapReduceforEC2Role` attached, but it is on the path to deprecation and will not be replaced with another default managed policy. You'll need to create and specify an instance profile to replace the deprecated role and default policy. See the [Configure IAM service roles for Amazon EMR](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-iam-roles.html) guide for more information on these IAM roles. There is also a fully-bootable example Pulumi configuration at the bottom of this page.\n{{% /example %}}\n{{% example %}}\n### Instance Fleet\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.emr.Cluster(\"example\", {\n masterInstanceFleet: {\n instanceTypeConfigs: [{\n instanceType: \"m4.xlarge\",\n }],\n targetOnDemandCapacity: 1,\n },\n coreInstanceFleet: {\n instanceTypeConfigs: [\n {\n bidPriceAsPercentageOfOnDemandPrice: 80,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m3.xlarge\",\n weightedCapacity: 1,\n },\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.xlarge\",\n weightedCapacity: 1,\n },\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.2xlarge\",\n weightedCapacity: 2,\n },\n ],\n launchSpecifications: {\n spotSpecifications: [{\n allocationStrategy: \"capacity-optimized\",\n blockDurationMinutes: 0,\n timeoutAction: \"SWITCH_TO_ON_DEMAND\",\n timeoutDurationMinutes: 10,\n }],\n },\n name: \"core fleet\",\n targetOnDemandCapacity: 2,\n targetSpotCapacity: 2,\n },\n});\nconst task = new aws.emr.InstanceFleet(\"task\", {\n clusterId: example.id,\n instanceTypeConfigs: [\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.xlarge\",\n weightedCapacity: 1,\n },\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.2xlarge\",\n weightedCapacity: 2,\n },\n ],\n launchSpecifications: {\n spotSpecifications: [{\n allocationStrategy: \"capacity-optimized\",\n blockDurationMinutes: 0,\n timeoutAction: \"TERMINATE_CLUSTER\",\n timeoutDurationMinutes: 10,\n }],\n },\n targetOnDemandCapacity: 1,\n targetSpotCapacity: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.emr.Cluster(\"example\",\n master_instance_fleet=aws.emr.ClusterMasterInstanceFleetArgs(\n instance_type_configs=[aws.emr.ClusterMasterInstanceFleetInstanceTypeConfigArgs(\n instance_type=\"m4.xlarge\",\n )],\n target_on_demand_capacity=1,\n ),\n core_instance_fleet=aws.emr.ClusterCoreInstanceFleetArgs(\n instance_type_configs=[\n aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=80,\n ebs_configs=[aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m3.xlarge\",\n weighted_capacity=1,\n ),\n aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.xlarge\",\n weighted_capacity=1,\n ),\n aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.2xlarge\",\n weighted_capacity=2,\n ),\n ],\n launch_specifications=aws.emr.ClusterCoreInstanceFleetLaunchSpecificationsArgs(\n spot_specifications=[aws.emr.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs(\n allocation_strategy=\"capacity-optimized\",\n block_duration_minutes=0,\n timeout_action=\"SWITCH_TO_ON_DEMAND\",\n timeout_duration_minutes=10,\n )],\n ),\n name=\"core fleet\",\n target_on_demand_capacity=2,\n target_spot_capacity=2,\n ))\ntask = aws.emr.InstanceFleet(\"task\",\n cluster_id=example.id,\n instance_type_configs=[\n aws.emr.InstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.InstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.xlarge\",\n weighted_capacity=1,\n ),\n aws.emr.InstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.InstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.2xlarge\",\n weighted_capacity=2,\n ),\n ],\n launch_specifications=aws.emr.InstanceFleetLaunchSpecificationsArgs(\n spot_specifications=[aws.emr.InstanceFleetLaunchSpecificationsSpotSpecificationArgs(\n allocation_strategy=\"capacity-optimized\",\n block_duration_minutes=0,\n timeout_action=\"TERMINATE_CLUSTER\",\n timeout_duration_minutes=10,\n )],\n ),\n target_on_demand_capacity=1,\n target_spot_capacity=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Emr.Cluster(\"example\", new()\n {\n MasterInstanceFleet = new Aws.Emr.Inputs.ClusterMasterInstanceFleetArgs\n {\n InstanceTypeConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterMasterInstanceFleetInstanceTypeConfigArgs\n {\n InstanceType = \"m4.xlarge\",\n },\n },\n TargetOnDemandCapacity = 1,\n },\n CoreInstanceFleet = new Aws.Emr.Inputs.ClusterCoreInstanceFleetArgs\n {\n InstanceTypeConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 80,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m3.xlarge\",\n WeightedCapacity = 1,\n },\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.xlarge\",\n WeightedCapacity = 1,\n },\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.2xlarge\",\n WeightedCapacity = 2,\n },\n },\n LaunchSpecifications = new Aws.Emr.Inputs.ClusterCoreInstanceFleetLaunchSpecificationsArgs\n {\n SpotSpecifications = new[]\n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs\n {\n AllocationStrategy = \"capacity-optimized\",\n BlockDurationMinutes = 0,\n TimeoutAction = \"SWITCH_TO_ON_DEMAND\",\n TimeoutDurationMinutes = 10,\n },\n },\n },\n Name = \"core fleet\",\n TargetOnDemandCapacity = 2,\n TargetSpotCapacity = 2,\n },\n });\n\n var task = new Aws.Emr.InstanceFleet(\"task\", new()\n {\n ClusterId = example.Id,\n InstanceTypeConfigs = new[]\n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.xlarge\",\n WeightedCapacity = 1,\n },\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = new[]\n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.2xlarge\",\n WeightedCapacity = 2,\n },\n },\n LaunchSpecifications = new Aws.Emr.Inputs.InstanceFleetLaunchSpecificationsArgs\n {\n SpotSpecifications = new[]\n {\n new Aws.Emr.Inputs.InstanceFleetLaunchSpecificationsSpotSpecificationArgs\n {\n AllocationStrategy = \"capacity-optimized\",\n BlockDurationMinutes = 0,\n TimeoutAction = \"TERMINATE_CLUSTER\",\n TimeoutDurationMinutes = 10,\n },\n },\n },\n TargetOnDemandCapacity = 1,\n TargetSpotCapacity = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := emr.NewCluster(ctx, \"example\", \u0026emr.ClusterArgs{\n\t\t\tMasterInstanceFleet: \u0026emr.ClusterMasterInstanceFleetArgs{\n\t\t\t\tInstanceTypeConfigs: emr.ClusterMasterInstanceFleetInstanceTypeConfigArray{\n\t\t\t\t\t\u0026emr.ClusterMasterInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m4.xlarge\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetOnDemandCapacity: pulumi.Int(1),\n\t\t\t},\n\t\t\tCoreInstanceFleet: \u0026emr.ClusterCoreInstanceFleetArgs{\n\t\t\t\tInstanceTypeConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigArray{\n\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(80),\n\t\t\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m3.xlarge\"),\n\t\t\t\t\t\tWeightedCapacity: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m4.xlarge\"),\n\t\t\t\t\t\tWeightedCapacity: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m4.2xlarge\"),\n\t\t\t\t\t\tWeightedCapacity: pulumi.Int(2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tLaunchSpecifications: \u0026emr.ClusterCoreInstanceFleetLaunchSpecificationsArgs{\n\t\t\t\t\tSpotSpecifications: emr.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArray{\n\t\t\t\t\t\t\u0026emr.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs{\n\t\t\t\t\t\t\tAllocationStrategy: pulumi.String(\"capacity-optimized\"),\n\t\t\t\t\t\t\tBlockDurationMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tTimeoutAction: pulumi.String(\"SWITCH_TO_ON_DEMAND\"),\n\t\t\t\t\t\t\tTimeoutDurationMinutes: pulumi.Int(10),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tName: pulumi.String(\"core fleet\"),\n\t\t\t\tTargetOnDemandCapacity: pulumi.Int(2),\n\t\t\t\tTargetSpotCapacity: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = emr.NewInstanceFleet(ctx, \"task\", \u0026emr.InstanceFleetArgs{\n\t\t\tClusterId: example.ID(),\n\t\t\tInstanceTypeConfigs: emr.InstanceFleetInstanceTypeConfigArray{\n\t\t\t\t\u0026emr.InstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\tEbsConfigs: emr.InstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\u0026emr.InstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.xlarge\"),\n\t\t\t\t\tWeightedCapacity: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\t\u0026emr.InstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\tEbsConfigs: emr.InstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\u0026emr.InstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.2xlarge\"),\n\t\t\t\t\tWeightedCapacity: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLaunchSpecifications: \u0026emr.InstanceFleetLaunchSpecificationsArgs{\n\t\t\t\tSpotSpecifications: emr.InstanceFleetLaunchSpecificationsSpotSpecificationArray{\n\t\t\t\t\t\u0026emr.InstanceFleetLaunchSpecificationsSpotSpecificationArgs{\n\t\t\t\t\t\tAllocationStrategy: pulumi.String(\"capacity-optimized\"),\n\t\t\t\t\t\tBlockDurationMinutes: pulumi.Int(0),\n\t\t\t\t\t\tTimeoutAction: pulumi.String(\"TERMINATE_CLUSTER\"),\n\t\t\t\t\t\tTimeoutDurationMinutes: pulumi.Int(10),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetOnDemandCapacity: pulumi.Int(1),\n\t\t\tTargetSpotCapacity: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.emr.Cluster;\nimport com.pulumi.aws.emr.ClusterArgs;\nimport com.pulumi.aws.emr.inputs.ClusterMasterInstanceFleetArgs;\nimport com.pulumi.aws.emr.inputs.ClusterCoreInstanceFleetArgs;\nimport com.pulumi.aws.emr.inputs.ClusterCoreInstanceFleetLaunchSpecificationsArgs;\nimport com.pulumi.aws.emr.InstanceFleet;\nimport com.pulumi.aws.emr.InstanceFleetArgs;\nimport com.pulumi.aws.emr.inputs.InstanceFleetInstanceTypeConfigArgs;\nimport com.pulumi.aws.emr.inputs.InstanceFleetLaunchSpecificationsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .masterInstanceFleet(ClusterMasterInstanceFleetArgs.builder()\n .instanceTypeConfigs(ClusterMasterInstanceFleetInstanceTypeConfigArgs.builder()\n .instanceType(\"m4.xlarge\")\n .build())\n .targetOnDemandCapacity(1)\n .build())\n .coreInstanceFleet(ClusterCoreInstanceFleetArgs.builder()\n .instanceTypeConfigs( \n ClusterCoreInstanceFleetInstanceTypeConfigArgs.builder()\n .bidPriceAsPercentageOfOnDemandPrice(80)\n .ebsConfigs(ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs.builder()\n .size(100)\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .instanceType(\"m3.xlarge\")\n .weightedCapacity(1)\n .build(),\n ClusterCoreInstanceFleetInstanceTypeConfigArgs.builder()\n .bidPriceAsPercentageOfOnDemandPrice(100)\n .ebsConfigs(ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs.builder()\n .size(100)\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .instanceType(\"m4.xlarge\")\n .weightedCapacity(1)\n .build(),\n ClusterCoreInstanceFleetInstanceTypeConfigArgs.builder()\n .bidPriceAsPercentageOfOnDemandPrice(100)\n .ebsConfigs(ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs.builder()\n .size(100)\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .instanceType(\"m4.2xlarge\")\n .weightedCapacity(2)\n .build())\n .launchSpecifications(ClusterCoreInstanceFleetLaunchSpecificationsArgs.builder()\n .spotSpecifications(ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs.builder()\n .allocationStrategy(\"capacity-optimized\")\n .blockDurationMinutes(0)\n .timeoutAction(\"SWITCH_TO_ON_DEMAND\")\n .timeoutDurationMinutes(10)\n .build())\n .build())\n .name(\"core fleet\")\n .targetOnDemandCapacity(2)\n .targetSpotCapacity(2)\n .build())\n .build());\n\n var task = new InstanceFleet(\"task\", InstanceFleetArgs.builder() \n .clusterId(example.id())\n .instanceTypeConfigs( \n InstanceFleetInstanceTypeConfigArgs.builder()\n .bidPriceAsPercentageOfOnDemandPrice(100)\n .ebsConfigs(InstanceFleetInstanceTypeConfigEbsConfigArgs.builder()\n .size(100)\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .instanceType(\"m4.xlarge\")\n .weightedCapacity(1)\n .build(),\n InstanceFleetInstanceTypeConfigArgs.builder()\n .bidPriceAsPercentageOfOnDemandPrice(100)\n .ebsConfigs(InstanceFleetInstanceTypeConfigEbsConfigArgs.builder()\n .size(100)\n .type(\"gp2\")\n .volumesPerInstance(1)\n .build())\n .instanceType(\"m4.2xlarge\")\n .weightedCapacity(2)\n .build())\n .launchSpecifications(InstanceFleetLaunchSpecificationsArgs.builder()\n .spotSpecifications(InstanceFleetLaunchSpecificationsSpotSpecificationArgs.builder()\n .allocationStrategy(\"capacity-optimized\")\n .blockDurationMinutes(0)\n .timeoutAction(\"TERMINATE_CLUSTER\")\n .timeoutDurationMinutes(10)\n .build())\n .build())\n .targetOnDemandCapacity(1)\n .targetSpotCapacity(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:emr:Cluster\n properties:\n masterInstanceFleet:\n instanceTypeConfigs:\n - instanceType: m4.xlarge\n targetOnDemandCapacity: 1\n coreInstanceFleet:\n instanceTypeConfigs:\n - bidPriceAsPercentageOfOnDemandPrice: 80\n ebsConfigs:\n - size: 100\n type: gp2\n volumesPerInstance: 1\n instanceType: m3.xlarge\n weightedCapacity: 1\n - bidPriceAsPercentageOfOnDemandPrice: 100\n ebsConfigs:\n - size: 100\n type: gp2\n volumesPerInstance: 1\n instanceType: m4.xlarge\n weightedCapacity: 1\n - bidPriceAsPercentageOfOnDemandPrice: 100\n ebsConfigs:\n - size: 100\n type: gp2\n volumesPerInstance: 1\n instanceType: m4.2xlarge\n weightedCapacity: 2\n launchSpecifications:\n spotSpecifications:\n - allocationStrategy: capacity-optimized\n blockDurationMinutes: 0\n timeoutAction: SWITCH_TO_ON_DEMAND\n timeoutDurationMinutes: 10\n name: core fleet\n targetOnDemandCapacity: 2\n targetSpotCapacity: 2\n task:\n type: aws:emr:InstanceFleet\n properties:\n clusterId: ${example.id}\n instanceTypeConfigs:\n - bidPriceAsPercentageOfOnDemandPrice: 100\n ebsConfigs:\n - size: 100\n type: gp2\n volumesPerInstance: 1\n instanceType: m4.xlarge\n weightedCapacity: 1\n - bidPriceAsPercentageOfOnDemandPrice: 100\n ebsConfigs:\n - size: 100\n type: gp2\n volumesPerInstance: 1\n instanceType: m4.2xlarge\n weightedCapacity: 2\n launchSpecifications:\n spotSpecifications:\n - allocationStrategy: capacity-optimized\n blockDurationMinutes: 0\n timeoutAction: TERMINATE_CLUSTER\n timeoutDurationMinutes: 10\n targetOnDemandCapacity: 1\n targetSpotCapacity: 1\n```\n{{% /example %}}\n{{% example %}}\n### Enable Debug Logging\n\n[Debug logging in EMR](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-debugging.html) is implemented as a step. It is highly recommended that you utilize the resource options configuration with `ignoreChanges` if other steps are being managed outside of this provider.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.emr.Cluster(\"example\", {steps: [{\n actionOnFailure: \"TERMINATE_CLUSTER\",\n name: \"Setup Hadoop Debugging\",\n hadoopJarStep: {\n jar: \"command-runner.jar\",\n args: [\"state-pusher-script\"],\n },\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.emr.Cluster(\"example\", steps=[aws.emr.ClusterStepArgs(\n action_on_failure=\"TERMINATE_CLUSTER\",\n name=\"Setup Hadoop Debugging\",\n hadoop_jar_step=aws.emr.ClusterStepHadoopJarStepArgs(\n jar=\"command-runner.jar\",\n args=[\"state-pusher-script\"],\n ),\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var example = new Aws.Emr.Cluster(\"example\", new()\n {\n Steps = new[]\n {\n new Aws.Emr.Inputs.ClusterStepArgs\n {\n ActionOnFailure = \"TERMINATE_CLUSTER\",\n Name = \"Setup Hadoop Debugging\",\n HadoopJarStep = new Aws.Emr.Inputs.ClusterStepHadoopJarStepArgs\n {\n Jar = \"command-runner.jar\",\n Args = new[]\n {\n \"state-pusher-script\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\t_, err := emr.NewCluster(ctx, \"example\", \u0026emr.ClusterArgs{\n\t\t\tSteps: emr.ClusterStepArray{\n\t\t\t\t\u0026emr.ClusterStepArgs{\n\t\t\t\t\tActionOnFailure: pulumi.String(\"TERMINATE_CLUSTER\"),\n\t\t\t\t\tName: pulumi.String(\"Setup Hadoop Debugging\"),\n\t\t\t\t\tHadoopJarStep: \u0026emr.ClusterStepHadoopJarStepArgs{\n\t\t\t\t\t\tJar: pulumi.String(\"command-runner.jar\"),\n\t\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"state-pusher-script\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.emr.Cluster;\nimport com.pulumi.aws.emr.ClusterArgs;\nimport com.pulumi.aws.emr.inputs.ClusterStepArgs;\nimport com.pulumi.aws.emr.inputs.ClusterStepHadoopJarStepArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Cluster(\"example\", ClusterArgs.builder() \n .steps(ClusterStepArgs.builder()\n .actionOnFailure(\"TERMINATE_CLUSTER\")\n .name(\"Setup Hadoop Debugging\")\n .hadoopJarStep(ClusterStepHadoopJarStepArgs.builder()\n .jar(\"command-runner.jar\")\n .args(\"state-pusher-script\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:emr:Cluster\n properties:\n steps:\n - actionOnFailure: TERMINATE_CLUSTER\n name: Setup Hadoop Debugging\n hadoopJarStep:\n jar: command-runner.jar\n args:\n - state-pusher-script\n```\n{{% /example %}}\n{{% example %}}\n### Multiple Node Master Instance Group\n\nAvailable in EMR version 5.23.0 and later, an EMR Cluster can be launched with three master nodes for high availability. Additional information about this functionality and its requirements can be found in the [EMR Management Guide](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-ha.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// This configuration is for illustrative purposes and highlights\n// only relevant configurations for working with this functionality.\n// Map public IP on launch must be enabled for public (Internet accessible) subnets\n// ... other configuration ...\nconst exampleSubnet = new aws.ec2.Subnet(\"exampleSubnet\", {mapPublicIpOnLaunch: true});\n// ... other configuration ...\nconst exampleCluster = new aws.emr.Cluster(\"exampleCluster\", {\n releaseLabel: \"emr-5.24.1\",\n terminationProtection: true,\n ec2Attributes: {\n subnetId: exampleSubnet.id,\n },\n masterInstanceGroup: {\n instanceCount: 3,\n },\n coreInstanceGroup: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# This configuration is for illustrative purposes and highlights\n# only relevant configurations for working with this functionality.\n# Map public IP on launch must be enabled for public (Internet accessible) subnets\n# ... other configuration ...\nexample_subnet = aws.ec2.Subnet(\"exampleSubnet\", map_public_ip_on_launch=True)\n# ... other configuration ...\nexample_cluster = aws.emr.Cluster(\"exampleCluster\",\n release_label=\"emr-5.24.1\",\n termination_protection=True,\n ec2_attributes=aws.emr.ClusterEc2AttributesArgs(\n subnet_id=example_subnet.id,\n ),\n master_instance_group=aws.emr.ClusterMasterInstanceGroupArgs(\n instance_count=3,\n ),\n core_instance_group=aws.emr.ClusterCoreInstanceGroupArgs())\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // This configuration is for illustrative purposes and highlights\n // only relevant configurations for working with this functionality.\n // Map public IP on launch must be enabled for public (Internet accessible) subnets\n // ... other configuration ...\n var exampleSubnet = new Aws.Ec2.Subnet(\"exampleSubnet\", new()\n {\n MapPublicIpOnLaunch = true,\n });\n\n // ... other configuration ...\n var exampleCluster = new Aws.Emr.Cluster(\"exampleCluster\", new()\n {\n ReleaseLabel = \"emr-5.24.1\",\n TerminationProtection = true,\n Ec2Attributes = new Aws.Emr.Inputs.ClusterEc2AttributesArgs\n {\n SubnetId = exampleSubnet.Id,\n },\n MasterInstanceGroup = new Aws.Emr.Inputs.ClusterMasterInstanceGroupArgs\n {\n InstanceCount = 3,\n },\n CoreInstanceGroup = null,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// This configuration is for illustrative purposes and highlights\n\t\t// only relevant configurations for working with this functionality.\n\t\t// Map public IP on launch must be enabled for public (Internet accessible) subnets\n\t\t// ... other configuration ...\n\t\texampleSubnet, err := ec2.NewSubnet(ctx, \"exampleSubnet\", \u0026ec2.SubnetArgs{\n\t\t\tMapPublicIpOnLaunch: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ... other configuration ...\n\t\t_, err = emr.NewCluster(ctx, \"exampleCluster\", \u0026emr.ClusterArgs{\n\t\t\tReleaseLabel: pulumi.String(\"emr-5.24.1\"),\n\t\t\tTerminationProtection: pulumi.Bool(true),\n\t\t\tEc2Attributes: \u0026emr.ClusterEc2AttributesArgs{\n\t\t\t\tSubnetId: exampleSubnet.ID(),\n\t\t\t},\n\t\t\tMasterInstanceGroup: \u0026emr.ClusterMasterInstanceGroupArgs{\n\t\t\t\tInstanceCount: pulumi.Int(3),\n\t\t\t},\n\t\t\tCoreInstanceGroup: nil,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.emr.Cluster;\nimport com.pulumi.aws.emr.ClusterArgs;\nimport com.pulumi.aws.emr.inputs.ClusterEc2AttributesArgs;\nimport com.pulumi.aws.emr.inputs.ClusterMasterInstanceGroupArgs;\nimport com.pulumi.aws.emr.inputs.ClusterCoreInstanceGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleSubnet = new Subnet(\"exampleSubnet\", SubnetArgs.builder() \n .mapPublicIpOnLaunch(true)\n .build());\n\n var exampleCluster = new Cluster(\"exampleCluster\", ClusterArgs.builder() \n .releaseLabel(\"emr-5.24.1\")\n .terminationProtection(true)\n .ec2Attributes(ClusterEc2AttributesArgs.builder()\n .subnetId(exampleSubnet.id())\n .build())\n .masterInstanceGroup(ClusterMasterInstanceGroupArgs.builder()\n .instanceCount(3)\n .build())\n .coreInstanceGroup()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # This configuration is for illustrative purposes and highlights\n # only relevant configurations for working with this functionality.\n\n # Map public IP on launch must be enabled for public (Internet accessible) subnets\n exampleSubnet:\n type: aws:ec2:Subnet\n properties:\n mapPublicIpOnLaunch: true\n exampleCluster:\n type: aws:emr:Cluster\n properties:\n # EMR version must be 5.23.0 or later\n releaseLabel: emr-5.24.1\n # Termination protection is automatically enabled for multiple masters\n # # To destroy the cluster, this must be configured to false and applied first\n terminationProtection: true\n ec2Attributes:\n subnetId: ${exampleSubnet.id}\n masterInstanceGroup:\n instanceCount: 3\n coreInstanceGroup: {}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import EMR clusters using the `id`. For example:\n\n```sh\n $ pulumi import aws:emr/cluster:Cluster cluster j-123456ABCDEF\n```\n Since the API does not return the actual values for Kerberos configurations, environments with those options set will need to use the `lifecycle` configuration block `ignore_changes` argument available to all Pulumi resources to prevent perpetual differences. For example:\n\n", "properties": { "additionalInfo": { "type": "string", @@ -245729,7 +245729,7 @@ } }, "aws:glue/job:Job": { - "description": "Provides a Glue Job resource.\n\n\u003e Glue functionality, such as monitoring and logging of jobs, is typically managed with the `default_arguments` argument. See the [Special Parameters Used by AWS Glue](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-etl-glue-arguments.html) topic in the Glue developer guide for additional information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Python Job\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Job(\"example\", {\n roleArn: aws_iam_role.example.arn,\n command: {\n scriptLocation: `s3://${aws_s3_bucket.example.bucket}/example.py`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Job(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n command=aws.glue.JobCommandArgs(\n script_location=f\"s3://{aws_s3_bucket['example']['bucket']}/example.py\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.Job(\"example\", new()\n {\n RoleArn = aws_iam_role.Example.Arn,\n Command = new Aws.Glue.Inputs.JobCommandArgs\n {\n ScriptLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/example.py\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewJob(ctx, \"example\", \u0026glue.JobArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tCommand: \u0026glue.JobCommandArgs{\n\t\t\t\tScriptLocation: pulumi.String(fmt.Sprintf(\"s3://%v/example.py\", aws_s3_bucket.Example.Bucket)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.Job;\nimport com.pulumi.aws.glue.JobArgs;\nimport com.pulumi.aws.glue.inputs.JobCommandArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Job(\"example\", JobArgs.builder() \n .roleArn(aws_iam_role.example().arn())\n .command(JobCommandArgs.builder()\n .scriptLocation(String.format(\"s3://%s/example.py\", aws_s3_bucket.example().bucket()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:Job\n properties:\n roleArn: ${aws_iam_role.example.arn}\n command:\n scriptLocation: s3://${aws_s3_bucket.example.bucket}/example.py\n```\n{{% /example %}}\n{{% example %}}\n### Ray Job\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Job(\"example\", {\n roleArn: aws_iam_role.example.arn,\n glueVersion: \"4.0\",\n workerType: \"Z.2X\",\n command: {\n name: \"glueray\",\n pythonVersion: \"3.9\",\n runtime: \"Ray2.4\",\n scriptLocation: `s3://${aws_s3_bucket.example.bucket}/example.py`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Job(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n glue_version=\"4.0\",\n worker_type=\"Z.2X\",\n command=aws.glue.JobCommandArgs(\n name=\"glueray\",\n python_version=\"3.9\",\n runtime=\"Ray2.4\",\n script_location=f\"s3://{aws_s3_bucket['example']['bucket']}/example.py\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.Job(\"example\", new()\n {\n RoleArn = aws_iam_role.Example.Arn,\n GlueVersion = \"4.0\",\n WorkerType = \"Z.2X\",\n Command = new Aws.Glue.Inputs.JobCommandArgs\n {\n Name = \"glueray\",\n PythonVersion = \"3.9\",\n Runtime = \"Ray2.4\",\n ScriptLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/example.py\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewJob(ctx, \"example\", \u0026glue.JobArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tGlueVersion: pulumi.String(\"4.0\"),\n\t\t\tWorkerType: pulumi.String(\"Z.2X\"),\n\t\t\tCommand: \u0026glue.JobCommandArgs{\n\t\t\t\tName: pulumi.String(\"glueray\"),\n\t\t\t\tPythonVersion: pulumi.String(\"3.9\"),\n\t\t\t\tRuntime: pulumi.String(\"Ray2.4\"),\n\t\t\t\tScriptLocation: pulumi.String(fmt.Sprintf(\"s3://%v/example.py\", aws_s3_bucket.Example.Bucket)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.Job;\nimport com.pulumi.aws.glue.JobArgs;\nimport com.pulumi.aws.glue.inputs.JobCommandArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Job(\"example\", JobArgs.builder() \n .roleArn(aws_iam_role.example().arn())\n .glueVersion(\"4.0\")\n .workerType(\"Z.2X\")\n .command(JobCommandArgs.builder()\n .name(\"glueray\")\n .pythonVersion(\"3.9\")\n .runtime(\"Ray2.4\")\n .scriptLocation(String.format(\"s3://%s/example.py\", aws_s3_bucket.example().bucket()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:Job\n properties:\n roleArn: ${aws_iam_role.example.arn}\n glueVersion: '4.0'\n workerType: Z.2X\n command:\n name: glueray\n pythonVersion: '3.9'\n runtime: Ray2.4\n scriptLocation: s3://${aws_s3_bucket.example.bucket}/example.py\n```\n{{% /example %}}\n{{% example %}}\n### Scala Job\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Job(\"example\", {\n roleArn: aws_iam_role.example.arn,\n command: {\n scriptLocation: `s3://${aws_s3_bucket.example.bucket}/example.scala`,\n },\n defaultArguments: {\n \"--job-language\": \"scala\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Job(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n command=aws.glue.JobCommandArgs(\n script_location=f\"s3://{aws_s3_bucket['example']['bucket']}/example.scala\",\n ),\n default_arguments={\n \"--job-language\": \"scala\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.Job(\"example\", new()\n {\n RoleArn = aws_iam_role.Example.Arn,\n Command = new Aws.Glue.Inputs.JobCommandArgs\n {\n ScriptLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/example.scala\",\n },\n DefaultArguments = \n {\n { \"--job-language\", \"scala\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewJob(ctx, \"example\", \u0026glue.JobArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tCommand: \u0026glue.JobCommandArgs{\n\t\t\t\tScriptLocation: pulumi.String(fmt.Sprintf(\"s3://%v/example.scala\", aws_s3_bucket.Example.Bucket)),\n\t\t\t},\n\t\t\tDefaultArguments: pulumi.StringMap{\n\t\t\t\t\"--job-language\": pulumi.String(\"scala\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.Job;\nimport com.pulumi.aws.glue.JobArgs;\nimport com.pulumi.aws.glue.inputs.JobCommandArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Job(\"example\", JobArgs.builder() \n .roleArn(aws_iam_role.example().arn())\n .command(JobCommandArgs.builder()\n .scriptLocation(String.format(\"s3://%s/example.scala\", aws_s3_bucket.example().bucket()))\n .build())\n .defaultArguments(Map.of(\"--job-language\", \"scala\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:Job\n properties:\n roleArn: ${aws_iam_role.example.arn}\n command:\n scriptLocation: s3://${aws_s3_bucket.example.bucket}/example.scala\n defaultArguments:\n --job-language: scala\n```\n{{% /example %}}\n{{% example %}}\n### Streaming Job\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Job(\"example\", {\n roleArn: aws_iam_role.example.arn,\n command: {\n name: \"gluestreaming\",\n scriptLocation: `s3://${aws_s3_bucket.example.bucket}/example.script`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Job(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n command=aws.glue.JobCommandArgs(\n name=\"gluestreaming\",\n script_location=f\"s3://{aws_s3_bucket['example']['bucket']}/example.script\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.Job(\"example\", new()\n {\n RoleArn = aws_iam_role.Example.Arn,\n Command = new Aws.Glue.Inputs.JobCommandArgs\n {\n Name = \"gluestreaming\",\n ScriptLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/example.script\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewJob(ctx, \"example\", \u0026glue.JobArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tCommand: \u0026glue.JobCommandArgs{\n\t\t\t\tName: pulumi.String(\"gluestreaming\"),\n\t\t\t\tScriptLocation: pulumi.String(fmt.Sprintf(\"s3://%v/example.script\", aws_s3_bucket.Example.Bucket)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.Job;\nimport com.pulumi.aws.glue.JobArgs;\nimport com.pulumi.aws.glue.inputs.JobCommandArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Job(\"example\", JobArgs.builder() \n .roleArn(aws_iam_role.example().arn())\n .command(JobCommandArgs.builder()\n .name(\"gluestreaming\")\n .scriptLocation(String.format(\"s3://%s/example.script\", aws_s3_bucket.example().bucket()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:Job\n properties:\n roleArn: ${aws_iam_role.example.arn}\n command:\n name: gluestreaming\n scriptLocation: s3://${aws_s3_bucket.example.bucket}/example.script\n```\n{{% /example %}}\n{{% example %}}\n### Enabling CloudWatch Logs and Metrics\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {retentionInDays: 14});\n// ... other configuration ...\nconst exampleJob = new aws.glue.Job(\"exampleJob\", {defaultArguments: {\n \"--continuous-log-logGroup\": exampleLogGroup.name,\n \"--enable-continuous-cloudwatch-log\": \"true\",\n \"--enable-continuous-log-filter\": \"true\",\n \"--enable-metrics\": \"\",\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\", retention_in_days=14)\n# ... other configuration ...\nexample_job = aws.glue.Job(\"exampleJob\", default_arguments={\n \"--continuous-log-logGroup\": example_log_group.name,\n \"--enable-continuous-cloudwatch-log\": \"true\",\n \"--enable-continuous-log-filter\": \"true\",\n \"--enable-metrics\": \"\",\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new()\n {\n RetentionInDays = 14,\n });\n\n // ... other configuration ...\n var exampleJob = new Aws.Glue.Job(\"exampleJob\", new()\n {\n DefaultArguments = \n {\n { \"--continuous-log-logGroup\", exampleLogGroup.Name },\n { \"--enable-continuous-cloudwatch-log\", \"true\" },\n { \"--enable-continuous-log-filter\", \"true\" },\n { \"--enable-metrics\", \"\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewJob(ctx, \"exampleJob\", \u0026glue.JobArgs{\n\t\t\tDefaultArguments: pulumi.StringMap{\n\t\t\t\t\"--continuous-log-logGroup\": exampleLogGroup.Name,\n\t\t\t\t\"--enable-continuous-cloudwatch-log\": pulumi.String(\"true\"),\n\t\t\t\t\"--enable-continuous-log-filter\": pulumi.String(\"true\"),\n\t\t\t\t\"--enable-metrics\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.glue.Job;\nimport com.pulumi.aws.glue.JobArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .retentionInDays(14)\n .build());\n\n var exampleJob = new Job(\"exampleJob\", JobArgs.builder() \n .defaultArguments(Map.ofEntries(\n Map.entry(\"--continuous-log-logGroup\", exampleLogGroup.name()),\n Map.entry(\"--enable-continuous-cloudwatch-log\", \"true\"),\n Map.entry(\"--enable-continuous-log-filter\", \"true\"),\n Map.entry(\"--enable-metrics\", \"\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n properties:\n retentionInDays: 14\n exampleJob:\n type: aws:glue:Job\n properties:\n defaultArguments:\n --continuous-log-logGroup: ${exampleLogGroup.name}\n --enable-continuous-cloudwatch-log: 'true'\n --enable-continuous-log-filter: 'true'\n --enable-metrics:\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Glue Jobs using `name`. For example:\n\n```sh\n $ pulumi import aws:glue/job:Job MyJob MyJob\n```\n ", + "description": "Provides a Glue Job resource.\n\n\u003e Glue functionality, such as monitoring and logging of jobs, is typically managed with the `default_arguments` argument. See the [Special Parameters Used by AWS Glue](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-etl-glue-arguments.html) topic in the Glue developer guide for additional information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Python Job\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Job(\"example\", {\n roleArn: aws_iam_role.example.arn,\n command: {\n scriptLocation: `s3://${aws_s3_bucket.example.bucket}/example.py`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Job(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n command=aws.glue.JobCommandArgs(\n script_location=f\"s3://{aws_s3_bucket['example']['bucket']}/example.py\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.Job(\"example\", new()\n {\n RoleArn = aws_iam_role.Example.Arn,\n Command = new Aws.Glue.Inputs.JobCommandArgs\n {\n ScriptLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/example.py\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewJob(ctx, \"example\", \u0026glue.JobArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tCommand: \u0026glue.JobCommandArgs{\n\t\t\t\tScriptLocation: pulumi.String(fmt.Sprintf(\"s3://%v/example.py\", aws_s3_bucket.Example.Bucket)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.Job;\nimport com.pulumi.aws.glue.JobArgs;\nimport com.pulumi.aws.glue.inputs.JobCommandArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Job(\"example\", JobArgs.builder() \n .roleArn(aws_iam_role.example().arn())\n .command(JobCommandArgs.builder()\n .scriptLocation(String.format(\"s3://%s/example.py\", aws_s3_bucket.example().bucket()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:Job\n properties:\n roleArn: ${aws_iam_role.example.arn}\n command:\n scriptLocation: s3://${aws_s3_bucket.example.bucket}/example.py\n```\n{{% /example %}}\n{{% example %}}\n### Ray Job\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Job(\"example\", {\n roleArn: aws_iam_role.example.arn,\n glueVersion: \"4.0\",\n workerType: \"Z.2X\",\n command: {\n name: \"glueray\",\n pythonVersion: \"3.9\",\n runtime: \"Ray2.4\",\n scriptLocation: `s3://${aws_s3_bucket.example.bucket}/example.py`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Job(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n glue_version=\"4.0\",\n worker_type=\"Z.2X\",\n command=aws.glue.JobCommandArgs(\n name=\"glueray\",\n python_version=\"3.9\",\n runtime=\"Ray2.4\",\n script_location=f\"s3://{aws_s3_bucket['example']['bucket']}/example.py\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.Job(\"example\", new()\n {\n RoleArn = aws_iam_role.Example.Arn,\n GlueVersion = \"4.0\",\n WorkerType = \"Z.2X\",\n Command = new Aws.Glue.Inputs.JobCommandArgs\n {\n Name = \"glueray\",\n PythonVersion = \"3.9\",\n Runtime = \"Ray2.4\",\n ScriptLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/example.py\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewJob(ctx, \"example\", \u0026glue.JobArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tGlueVersion: pulumi.String(\"4.0\"),\n\t\t\tWorkerType: pulumi.String(\"Z.2X\"),\n\t\t\tCommand: \u0026glue.JobCommandArgs{\n\t\t\t\tName: pulumi.String(\"glueray\"),\n\t\t\t\tPythonVersion: pulumi.String(\"3.9\"),\n\t\t\t\tRuntime: pulumi.String(\"Ray2.4\"),\n\t\t\t\tScriptLocation: pulumi.String(fmt.Sprintf(\"s3://%v/example.py\", aws_s3_bucket.Example.Bucket)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.Job;\nimport com.pulumi.aws.glue.JobArgs;\nimport com.pulumi.aws.glue.inputs.JobCommandArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Job(\"example\", JobArgs.builder() \n .roleArn(aws_iam_role.example().arn())\n .glueVersion(\"4.0\")\n .workerType(\"Z.2X\")\n .command(JobCommandArgs.builder()\n .name(\"glueray\")\n .pythonVersion(\"3.9\")\n .runtime(\"Ray2.4\")\n .scriptLocation(String.format(\"s3://%s/example.py\", aws_s3_bucket.example().bucket()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:Job\n properties:\n roleArn: ${aws_iam_role.example.arn}\n glueVersion: '4.0'\n workerType: Z.2X\n command:\n name: glueray\n pythonVersion: '3.9'\n runtime: Ray2.4\n scriptLocation: s3://${aws_s3_bucket.example.bucket}/example.py\n```\n{{% /example %}}\n{{% example %}}\n### Scala Job\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Job(\"example\", {\n roleArn: aws_iam_role.example.arn,\n command: {\n scriptLocation: `s3://${aws_s3_bucket.example.bucket}/example.scala`,\n },\n defaultArguments: {\n \"--job-language\": \"scala\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Job(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n command=aws.glue.JobCommandArgs(\n script_location=f\"s3://{aws_s3_bucket['example']['bucket']}/example.scala\",\n ),\n default_arguments={\n \"--job-language\": \"scala\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.Job(\"example\", new()\n {\n RoleArn = aws_iam_role.Example.Arn,\n Command = new Aws.Glue.Inputs.JobCommandArgs\n {\n ScriptLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/example.scala\",\n },\n DefaultArguments = \n {\n { \"--job-language\", \"scala\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewJob(ctx, \"example\", \u0026glue.JobArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tCommand: \u0026glue.JobCommandArgs{\n\t\t\t\tScriptLocation: pulumi.String(fmt.Sprintf(\"s3://%v/example.scala\", aws_s3_bucket.Example.Bucket)),\n\t\t\t},\n\t\t\tDefaultArguments: pulumi.StringMap{\n\t\t\t\t\"--job-language\": pulumi.String(\"scala\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.Job;\nimport com.pulumi.aws.glue.JobArgs;\nimport com.pulumi.aws.glue.inputs.JobCommandArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Job(\"example\", JobArgs.builder() \n .roleArn(aws_iam_role.example().arn())\n .command(JobCommandArgs.builder()\n .scriptLocation(String.format(\"s3://%s/example.scala\", aws_s3_bucket.example().bucket()))\n .build())\n .defaultArguments(Map.of(\"--job-language\", \"scala\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:Job\n properties:\n roleArn: ${aws_iam_role.example.arn}\n command:\n scriptLocation: s3://${aws_s3_bucket.example.bucket}/example.scala\n defaultArguments:\n --job-language: scala\n```\n{{% /example %}}\n{{% example %}}\n### Streaming Job\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Job(\"example\", {\n roleArn: aws_iam_role.example.arn,\n command: {\n name: \"gluestreaming\",\n scriptLocation: `s3://${aws_s3_bucket.example.bucket}/example.script`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Job(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n command=aws.glue.JobCommandArgs(\n name=\"gluestreaming\",\n script_location=f\"s3://{aws_s3_bucket['example']['bucket']}/example.script\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Glue.Job(\"example\", new()\n {\n RoleArn = aws_iam_role.Example.Arn,\n Command = new Aws.Glue.Inputs.JobCommandArgs\n {\n Name = \"gluestreaming\",\n ScriptLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/example.script\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewJob(ctx, \"example\", \u0026glue.JobArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tCommand: \u0026glue.JobCommandArgs{\n\t\t\t\tName: pulumi.String(\"gluestreaming\"),\n\t\t\t\tScriptLocation: pulumi.String(fmt.Sprintf(\"s3://%v/example.script\", aws_s3_bucket.Example.Bucket)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.glue.Job;\nimport com.pulumi.aws.glue.JobArgs;\nimport com.pulumi.aws.glue.inputs.JobCommandArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Job(\"example\", JobArgs.builder() \n .roleArn(aws_iam_role.example().arn())\n .command(JobCommandArgs.builder()\n .name(\"gluestreaming\")\n .scriptLocation(String.format(\"s3://%s/example.script\", aws_s3_bucket.example().bucket()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:Job\n properties:\n roleArn: ${aws_iam_role.example.arn}\n command:\n name: gluestreaming\n scriptLocation: s3://${aws_s3_bucket.example.bucket}/example.script\n```\n{{% /example %}}\n{{% example %}}\n### Enabling CloudWatch Logs and Metrics\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {retentionInDays: 14});\n// ... other configuration ...\nconst exampleJob = new aws.glue.Job(\"exampleJob\", {defaultArguments: {\n \"--continuous-log-logGroup\": exampleLogGroup.name,\n \"--enable-continuous-cloudwatch-log\": \"true\",\n \"--enable-continuous-log-filter\": \"true\",\n \"--enable-metrics\": \"\",\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\", retention_in_days=14)\n# ... other configuration ...\nexample_job = aws.glue.Job(\"exampleJob\", default_arguments={\n \"--continuous-log-logGroup\": example_log_group.name,\n \"--enable-continuous-cloudwatch-log\": \"true\",\n \"--enable-continuous-log-filter\": \"true\",\n \"--enable-metrics\": \"\",\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new()\n {\n RetentionInDays = 14,\n });\n\n // ... other configuration ...\n var exampleJob = new Aws.Glue.Job(\"exampleJob\", new()\n {\n DefaultArguments = \n {\n { \"--continuous-log-logGroup\", exampleLogGroup.Name },\n { \"--enable-continuous-cloudwatch-log\", \"true\" },\n { \"--enable-continuous-log-filter\", \"true\" },\n { \"--enable-metrics\", \"\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ... other configuration ...\n\t\t_, err = glue.NewJob(ctx, \"exampleJob\", \u0026glue.JobArgs{\n\t\t\tDefaultArguments: pulumi.StringMap{\n\t\t\t\t\"--continuous-log-logGroup\": exampleLogGroup.Name,\n\t\t\t\t\"--enable-continuous-cloudwatch-log\": pulumi.String(\"true\"),\n\t\t\t\t\"--enable-continuous-log-filter\": pulumi.String(\"true\"),\n\t\t\t\t\"--enable-metrics\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.glue.Job;\nimport com.pulumi.aws.glue.JobArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\", LogGroupArgs.builder() \n .retentionInDays(14)\n .build());\n\n var exampleJob = new Job(\"exampleJob\", JobArgs.builder() \n .defaultArguments(Map.ofEntries(\n Map.entry(\"--continuous-log-logGroup\", exampleLogGroup.name()),\n Map.entry(\"--enable-continuous-cloudwatch-log\", \"true\"),\n Map.entry(\"--enable-continuous-log-filter\", \"true\"),\n Map.entry(\"--enable-metrics\", \"\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n properties:\n retentionInDays: 14\n exampleJob:\n type: aws:glue:Job\n properties:\n defaultArguments:\n --continuous-log-logGroup: ${exampleLogGroup.name}\n --enable-continuous-cloudwatch-log: 'true'\n --enable-continuous-log-filter: 'true'\n --enable-metrics:\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Glue Jobs using `name`. For example:\n\n```sh\n $ pulumi import aws:glue/job:Job MyJob MyJob\n```\n ", "properties": { "arn": { "type": "string", @@ -262897,7 +262897,7 @@ } }, "aws:lambda/function:Function": { - "description": "Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration.\n\nFor information about Lambda and how to use it, see [What is AWS Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)\n\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n\u003e **NOTE:** If you get a `KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied` error when invoking an `aws.lambda.Function` with environment variables, the IAM role associated with the function may have been deleted and recreated _after_ the function was created. You can fix the problem two ways: 1) updating the function's role to another role and then updating it back again to the recreated role, or 2) by using Pulumi to `taint` the function and `apply` your configuration again to recreate the function. (When you create a function, Lambda grants permissions on the KMS key to the function's IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function's role or recreating the function causes Lambda to update the grant.)\n\n\u003e To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the `aws.lambda.Permission` resource. See [Lambda Permission Model](https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html) for more details. On the other hand, the `role` argument of this resource is the function's execution role for identity and access to AWS services and resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as archive from \"@pulumi/archive\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iamForLambda\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst lambda = archive.getFile({\n type: \"zip\",\n sourceFile: \"lambda.js\",\n outputPath: \"lambda_function_payload.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"testLambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n role: iamForLambda.arn,\n handler: \"index.test\",\n runtime: \"nodejs18.x\",\n environment: {\n variables: {\n foo: \"bar\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_archive as archive\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iamForLambda\", assume_role_policy=assume_role.json)\nlambda_ = archive.get_file(type=\"zip\",\n source_file=\"lambda.js\",\n output_path=\"lambda_function_payload.zip\")\ntest_lambda = aws.lambda_.Function(\"testLambda\",\n code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n runtime=\"nodejs18.x\",\n environment=aws.lambda_.FunctionEnvironmentArgs(\n variables={\n \"foo\": \"bar\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Archive = Pulumi.Archive;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iamForLambda\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = Archive.GetFile.Invoke(new()\n {\n Type = \"zip\",\n SourceFile = \"lambda.js\",\n OutputPath = \"lambda_function_payload.zip\",\n });\n\n var testLambda = new Aws.Lambda.Function(\"testLambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n Runtime = \"nodejs18.x\",\n Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs\n {\n Variables = \n {\n { \"foo\", \"bar\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-archive/sdk/go/archive\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iamForLambda\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = archive.LookupFile(ctx, \u0026archive.LookupFileArgs{\n\t\t\tType: \"zip\",\n\t\t\tSourceFile: pulumi.StringRef(\"lambda.js\"),\n\t\t\tOutputPath: \"lambda_function_payload.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"testLambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tRuntime: pulumi.String(\"nodejs18.x\"),\n\t\t\tEnvironment: \u0026lambda.FunctionEnvironmentArgs{\n\t\t\t\tVariables: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.archive.ArchiveFunctions;\nimport com.pulumi.archive.inputs.GetFileArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEnvironmentArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambda = ArchiveFunctions.getFile(GetFileArgs.builder()\n .type(\"zip\")\n .sourceFile(\"lambda.js\")\n .outputPath(\"lambda_function_payload.zip\")\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .role(iamForLambda.arn())\n .handler(\"index.test\")\n .runtime(\"nodejs18.x\")\n .environment(FunctionEnvironmentArgs.builder()\n .variables(Map.of(\"foo\", \"bar\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n properties:\n # If the file is not in the current working directory you will need to include a\n # # path.module in the filename.\n code:\n fn::FileArchive: lambda_function_payload.zip\n role: ${iamForLambda.arn}\n handler: index.test\n runtime: nodejs18.x\n environment:\n variables:\n foo: bar\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n lambda:\n fn::invoke:\n Function: archive:getFile\n Arguments:\n type: zip\n sourceFile: lambda.js\n outputPath: lambda_function_payload.zip\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Layers\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLayerVersion = new aws.lambda.LayerVersion(\"exampleLayerVersion\", {});\n// ... other configuration ...\nconst exampleFunction = new aws.lambda.Function(\"exampleFunction\", {layers: [exampleLayerVersion.arn]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_layer_version = aws.lambda_.LayerVersion(\"exampleLayerVersion\")\n# ... other configuration ...\nexample_function = aws.lambda_.Function(\"exampleFunction\", layers=[example_layer_version.arn])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLayerVersion = new Aws.Lambda.LayerVersion(\"exampleLayerVersion\");\n\n // ... other configuration ...\n var exampleFunction = new Aws.Lambda.Function(\"exampleFunction\", new()\n {\n Layers = new[]\n {\n exampleLayerVersion.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLayerVersion, err := lambda.NewLayerVersion(ctx, \"exampleLayerVersion\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"exampleFunction\", \u0026lambda.FunctionArgs{\n\t\t\tLayers: pulumi.StringArray{\n\t\t\t\texampleLayerVersion.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.LayerVersion;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLayerVersion = new LayerVersion(\"exampleLayerVersion\");\n\n var exampleFunction = new Function(\"exampleFunction\", FunctionArgs.builder() \n .layers(exampleLayerVersion.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLayerVersion:\n type: aws:lambda:LayerVersion\n exampleFunction:\n type: aws:lambda:Function\n properties:\n # ... other configuration ...\n layers:\n - ${exampleLayerVersion.arn}\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Ephemeral Storage\n\nLambda Function Ephemeral Storage(`/tmp`) allows you to configure the storage upto `10` GB. The default value set to `512` MB.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iamForLambda\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst testLambda = new aws.lambda.Function(\"testLambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n role: iamForLambda.arn,\n handler: \"index.test\",\n runtime: \"nodejs18.x\",\n ephemeralStorage: {\n size: 10240,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iamForLambda\", assume_role_policy=assume_role.json)\ntest_lambda = aws.lambda_.Function(\"testLambda\",\n code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n runtime=\"nodejs18.x\",\n ephemeral_storage=aws.lambda_.FunctionEphemeralStorageArgs(\n size=10240,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iamForLambda\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testLambda = new Aws.Lambda.Function(\"testLambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n Runtime = \"nodejs18.x\",\n EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs\n {\n Size = 10240,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iamForLambda\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"testLambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tRuntime: pulumi.String(\"nodejs18.x\"),\n\t\t\tEphemeralStorage: \u0026lambda.FunctionEphemeralStorageArgs{\n\t\t\t\tSize: pulumi.Int(10240),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .role(iamForLambda.arn())\n .handler(\"index.test\")\n .runtime(\"nodejs18.x\")\n .ephemeralStorage(FunctionEphemeralStorageArgs.builder()\n .size(10240)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambda_function_payload.zip\n role: ${iamForLambda.arn}\n handler: index.test\n runtime: nodejs18.x\n ephemeralStorage:\n size: 10240\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n{{% /example %}}\n{{% example %}}\n### Lambda File Systems\n\nLambda File Systems allow you to connect an Amazon Elastic File System (EFS) file system to a Lambda function to share data across function invocations, access existing data including large files, and save function state.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// EFS file system\nconst efsForLambda = new aws.efs.FileSystem(\"efsForLambda\", {tags: {\n Name: \"efs_for_lambda\",\n}});\n// Mount target connects the file system to the subnet\nconst alpha = new aws.efs.MountTarget(\"alpha\", {\n fileSystemId: efsForLambda.id,\n subnetId: aws_subnet.subnet_for_lambda.id,\n securityGroups: [aws_security_group.sg_for_lambda.id],\n});\n// EFS access point used by lambda file system\nconst accessPointForLambda = new aws.efs.AccessPoint(\"accessPointForLambda\", {\n fileSystemId: efsForLambda.id,\n rootDirectory: {\n path: \"/lambda\",\n creationInfo: {\n ownerGid: 1000,\n ownerUid: 1000,\n permissions: \"777\",\n },\n },\n posixUser: {\n gid: 1000,\n uid: 1000,\n },\n});\n// A lambda function connected to an EFS file system\n// ... other configuration ...\nconst example = new aws.lambda.Function(\"example\", {\n fileSystemConfig: {\n arn: accessPointForLambda.arn,\n localMountPath: \"/mnt/efs\",\n },\n vpcConfig: {\n subnetIds: [aws_subnet.subnet_for_lambda.id],\n securityGroupIds: [aws_security_group.sg_for_lambda.id],\n },\n}, {\n dependsOn: [alpha],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# EFS file system\nefs_for_lambda = aws.efs.FileSystem(\"efsForLambda\", tags={\n \"Name\": \"efs_for_lambda\",\n})\n# Mount target connects the file system to the subnet\nalpha = aws.efs.MountTarget(\"alpha\",\n file_system_id=efs_for_lambda.id,\n subnet_id=aws_subnet[\"subnet_for_lambda\"][\"id\"],\n security_groups=[aws_security_group[\"sg_for_lambda\"][\"id\"]])\n# EFS access point used by lambda file system\naccess_point_for_lambda = aws.efs.AccessPoint(\"accessPointForLambda\",\n file_system_id=efs_for_lambda.id,\n root_directory=aws.efs.AccessPointRootDirectoryArgs(\n path=\"/lambda\",\n creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(\n owner_gid=1000,\n owner_uid=1000,\n permissions=\"777\",\n ),\n ),\n posix_user=aws.efs.AccessPointPosixUserArgs(\n gid=1000,\n uid=1000,\n ))\n# A lambda function connected to an EFS file system\n# ... other configuration ...\nexample = aws.lambda_.Function(\"example\",\n file_system_config=aws.lambda_.FunctionFileSystemConfigArgs(\n arn=access_point_for_lambda.arn,\n local_mount_path=\"/mnt/efs\",\n ),\n vpc_config=aws.lambda_.FunctionVpcConfigArgs(\n subnet_ids=[aws_subnet[\"subnet_for_lambda\"][\"id\"]],\n security_group_ids=[aws_security_group[\"sg_for_lambda\"][\"id\"]],\n ),\n opts=pulumi.ResourceOptions(depends_on=[alpha]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // EFS file system\n var efsForLambda = new Aws.Efs.FileSystem(\"efsForLambda\", new()\n {\n Tags = \n {\n { \"Name\", \"efs_for_lambda\" },\n },\n });\n\n // Mount target connects the file system to the subnet\n var alpha = new Aws.Efs.MountTarget(\"alpha\", new()\n {\n FileSystemId = efsForLambda.Id,\n SubnetId = aws_subnet.Subnet_for_lambda.Id,\n SecurityGroups = new[]\n {\n aws_security_group.Sg_for_lambda.Id,\n },\n });\n\n // EFS access point used by lambda file system\n var accessPointForLambda = new Aws.Efs.AccessPoint(\"accessPointForLambda\", new()\n {\n FileSystemId = efsForLambda.Id,\n RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs\n {\n Path = \"/lambda\",\n CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs\n {\n OwnerGid = 1000,\n OwnerUid = 1000,\n Permissions = \"777\",\n },\n },\n PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs\n {\n Gid = 1000,\n Uid = 1000,\n },\n });\n\n // A lambda function connected to an EFS file system\n // ... other configuration ...\n var example = new Aws.Lambda.Function(\"example\", new()\n {\n FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs\n {\n Arn = accessPointForLambda.Arn,\n LocalMountPath = \"/mnt/efs\",\n },\n VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs\n {\n SubnetIds = new[]\n {\n aws_subnet.Subnet_for_lambda.Id,\n },\n SecurityGroupIds = new[]\n {\n aws_security_group.Sg_for_lambda.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n alpha,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/efs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tefsForLambda, err := efs.NewFileSystem(ctx, \"efsForLambda\", \u0026efs.FileSystemArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"efs_for_lambda\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\talpha, err := efs.NewMountTarget(ctx, \"alpha\", \u0026efs.MountTargetArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Subnet_for_lambda.Id),\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\taws_security_group.Sg_for_lambda.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccessPointForLambda, err := efs.NewAccessPoint(ctx, \"accessPointForLambda\", \u0026efs.AccessPointArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tRootDirectory: \u0026efs.AccessPointRootDirectoryArgs{\n\t\t\t\tPath: pulumi.String(\"/lambda\"),\n\t\t\t\tCreationInfo: \u0026efs.AccessPointRootDirectoryCreationInfoArgs{\n\t\t\t\t\tOwnerGid: pulumi.Int(1000),\n\t\t\t\t\tOwnerUid: pulumi.Int(1000),\n\t\t\t\t\tPermissions: pulumi.String(\"777\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPosixUser: \u0026efs.AccessPointPosixUserArgs{\n\t\t\t\tGid: pulumi.Int(1000),\n\t\t\t\tUid: pulumi.Int(1000),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tFileSystemConfig: \u0026lambda.FunctionFileSystemConfigArgs{\n\t\t\t\tArn: accessPointForLambda.Arn,\n\t\t\t\tLocalMountPath: pulumi.String(\"/mnt/efs\"),\n\t\t\t},\n\t\t\tVpcConfig: \u0026lambda.FunctionVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\taws_subnet.Subnet_for_lambda.Id,\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\taws_security_group.Sg_for_lambda.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\talpha,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.efs.FileSystem;\nimport com.pulumi.aws.efs.FileSystemArgs;\nimport com.pulumi.aws.efs.MountTarget;\nimport com.pulumi.aws.efs.MountTargetArgs;\nimport com.pulumi.aws.efs.AccessPoint;\nimport com.pulumi.aws.efs.AccessPointArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var efsForLambda = new FileSystem(\"efsForLambda\", FileSystemArgs.builder() \n .tags(Map.of(\"Name\", \"efs_for_lambda\"))\n .build());\n\n var alpha = new MountTarget(\"alpha\", MountTargetArgs.builder() \n .fileSystemId(efsForLambda.id())\n .subnetId(aws_subnet.subnet_for_lambda().id())\n .securityGroups(aws_security_group.sg_for_lambda().id())\n .build());\n\n var accessPointForLambda = new AccessPoint(\"accessPointForLambda\", AccessPointArgs.builder() \n .fileSystemId(efsForLambda.id())\n .rootDirectory(AccessPointRootDirectoryArgs.builder()\n .path(\"/lambda\")\n .creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()\n .ownerGid(1000)\n .ownerUid(1000)\n .permissions(\"777\")\n .build())\n .build())\n .posixUser(AccessPointPosixUserArgs.builder()\n .gid(1000)\n .uid(1000)\n .build())\n .build());\n\n var example = new Function(\"example\", FunctionArgs.builder() \n .fileSystemConfig(FunctionFileSystemConfigArgs.builder()\n .arn(accessPointForLambda.arn())\n .localMountPath(\"/mnt/efs\")\n .build())\n .vpcConfig(FunctionVpcConfigArgs.builder()\n .subnetIds(aws_subnet.subnet_for_lambda().id())\n .securityGroupIds(aws_security_group.sg_for_lambda().id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(alpha)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # A lambda function connected to an EFS file system\n example:\n type: aws:lambda:Function\n properties:\n fileSystemConfig:\n arn: ${accessPointForLambda.arn}\n localMountPath: /mnt/efs\n vpcConfig:\n subnetIds:\n - ${aws_subnet.subnet_for_lambda.id}\n securityGroupIds:\n - ${aws_security_group.sg_for_lambda.id}\n options:\n dependson:\n - ${alpha}\n # EFS file system\n efsForLambda:\n type: aws:efs:FileSystem\n properties:\n tags:\n Name: efs_for_lambda\n # Mount target connects the file system to the subnet\n alpha:\n type: aws:efs:MountTarget\n properties:\n fileSystemId: ${efsForLambda.id}\n subnetId: ${aws_subnet.subnet_for_lambda.id}\n securityGroups:\n - ${aws_security_group.sg_for_lambda.id}\n # EFS access point used by lambda file system\n accessPointForLambda:\n type: aws:efs:AccessPoint\n properties:\n fileSystemId: ${efsForLambda.id}\n rootDirectory:\n path: /lambda\n creationInfo:\n ownerGid: 1000\n ownerUid: 1000\n permissions: '777'\n posixUser:\n gid: 1000\n uid: 1000\n```\n{{% /example %}}\n### Lambda retries\n\nLambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the aws.lambda.FunctionEventInvokeConfig resource.\n{{% example %}}\n### CloudWatch Logging and Permissions\n\nFor more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lambdaFunctionName = config.get(\"lambdaFunctionName\") || \"lambda_function_name\";\n// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nconst example = new aws.cloudwatch.LogGroup(\"example\", {retentionInDays: 14});\nconst lambdaLoggingPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:*\"],\n }],\n});\nconst lambdaLoggingPolicy = new aws.iam.Policy(\"lambdaLoggingPolicy\", {\n path: \"/\",\n description: \"IAM policy for logging from a lambda\",\n policy: lambdaLoggingPolicyDocument.then(lambdaLoggingPolicyDocument =\u003e lambdaLoggingPolicyDocument.json),\n});\nconst lambdaLogs = new aws.iam.RolePolicyAttachment(\"lambdaLogs\", {\n role: aws_iam_role.iam_for_lambda.name,\n policyArn: lambdaLoggingPolicy.arn,\n});\nconst testLambda = new aws.lambda.Function(\"testLambda\", {loggingConfig: {\n logFormat: \"Text\",\n}}, {\n dependsOn: [\n lambdaLogs,\n example,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlambda_function_name = config.get(\"lambdaFunctionName\")\nif lambda_function_name is None:\n lambda_function_name = \"lambda_function_name\"\n# This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n# If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nexample = aws.cloudwatch.LogGroup(\"example\", retention_in_days=14)\nlambda_logging_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:*\"],\n)])\nlambda_logging_policy = aws.iam.Policy(\"lambdaLoggingPolicy\",\n path=\"/\",\n description=\"IAM policy for logging from a lambda\",\n policy=lambda_logging_policy_document.json)\nlambda_logs = aws.iam.RolePolicyAttachment(\"lambdaLogs\",\n role=aws_iam_role[\"iam_for_lambda\"][\"name\"],\n policy_arn=lambda_logging_policy.arn)\ntest_lambda = aws.lambda_.Function(\"testLambda\", logging_config=aws.lambda_.FunctionLoggingConfigArgs(\n log_format=\"Text\",\n),\nopts=pulumi.ResourceOptions(depends_on=[\n lambda_logs,\n example,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var lambdaFunctionName = config.Get(\"lambdaFunctionName\") ?? \"lambda_function_name\";\n // This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n // If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n RetentionInDays = 14,\n });\n\n var lambdaLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:*\",\n },\n },\n },\n });\n\n var lambdaLoggingPolicy = new Aws.Iam.Policy(\"lambdaLoggingPolicy\", new()\n {\n Path = \"/\",\n Description = \"IAM policy for logging from a lambda\",\n PolicyDocument = lambdaLoggingPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaLogs = new Aws.Iam.RolePolicyAttachment(\"lambdaLogs\", new()\n {\n Role = aws_iam_role.Iam_for_lambda.Name,\n PolicyArn = lambdaLoggingPolicy.Arn,\n });\n\n var testLambda = new Aws.Lambda.Function(\"testLambda\", new()\n {\n LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs\n {\n LogFormat = \"Text\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n lambdaLogs,\n example,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlambdaFunctionName := \"lambda_function_name\"\n\t\tif param := cfg.Get(\"lambdaFunctionName\"); param != \"\" {\n\t\t\tlambdaFunctionName = param\n\t\t}\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLoggingPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogGroup\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLoggingPolicy, err := iam.NewPolicy(ctx, \"lambdaLoggingPolicy\", \u0026iam.PolicyArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tDescription: pulumi.String(\"IAM policy for logging from a lambda\"),\n\t\t\tPolicy: *pulumi.String(lambdaLoggingPolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLogs, err := iam.NewRolePolicyAttachment(ctx, \"lambdaLogs\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: pulumi.Any(aws_iam_role.Iam_for_lambda.Name),\n\t\t\tPolicyArn: lambdaLoggingPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"testLambda\", \u0026lambda.FunctionArgs{\n\t\t\tLoggingConfig: \u0026lambda.FunctionLoggingConfigArgs{\n\t\t\t\tLogFormat: pulumi.String(\"Text\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tlambdaLogs,\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var lambdaFunctionName = config.get(\"lambdaFunctionName\").orElse(\"lambda_function_name\");\n var example = new LogGroup(\"example\", LogGroupArgs.builder() \n .retentionInDays(14)\n .build());\n\n final var lambdaLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:*\")\n .build())\n .build());\n\n var lambdaLoggingPolicy = new Policy(\"lambdaLoggingPolicy\", PolicyArgs.builder() \n .path(\"/\")\n .description(\"IAM policy for logging from a lambda\")\n .policy(lambdaLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambdaLogs = new RolePolicyAttachment(\"lambdaLogs\", RolePolicyAttachmentArgs.builder() \n .role(aws_iam_role.iam_for_lambda().name())\n .policyArn(lambdaLoggingPolicy.arn())\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .loggingConfig(FunctionLoggingConfigArgs.builder()\n .logFormat(\"Text\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n lambdaLogs,\n example)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n lambdaFunctionName:\n type: string\n default: lambda_function_name\nresources:\n testLambda:\n type: aws:lambda:Function\n properties:\n loggingConfig:\n logFormat: Text\n options:\n dependson:\n - ${lambdaLogs}\n - ${example}\n # This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n # If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n retentionInDays: 14\n lambdaLoggingPolicy:\n type: aws:iam:Policy\n properties:\n path: /\n description: IAM policy for logging from a lambda\n policy: ${lambdaLoggingPolicyDocument.json}\n lambdaLogs:\n type: aws:iam:RolePolicyAttachment\n properties:\n role: ${aws_iam_role.iam_for_lambda.name}\n policyArn: ${lambdaLoggingPolicy.arn}\nvariables:\n lambdaLoggingPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:*\n```\n{{% /example %}}\n{{% /examples %}}\n## Specifying the Deployment Package\n\nAWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which `runtime` is in use. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for the valid values of `runtime`. The expected structure of the deployment package can be found in [the AWS Lambda documentation for each runtime](https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html).\n\nOnce you have created your deployment package you can specify it either directly as a local file (using the `filename` argument) or indirectly via Amazon S3 (using the `s3_bucket`, `s3_key` and `s3_object_version` arguments). When providing the deployment package via S3 it may be useful to use the `aws.s3.BucketObjectv2` resource to upload it.\n\nFor larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.\n\n\n## Import\n\nUsing `pulumi import`, import Lambda Functions using the `function_name`. For example:\n\n```sh\n $ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function\n```\n ", + "description": "Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration.\n\nFor information about Lambda and how to use it, see [What is AWS Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)\n\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), EC2 subnets and security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n\u003e **NOTE:** If you get a `KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied` error when invoking an `aws.lambda.Function` with environment variables, the IAM role associated with the function may have been deleted and recreated _after_ the function was created. You can fix the problem two ways: 1) updating the function's role to another role and then updating it back again to the recreated role, or 2) by using Pulumi to `taint` the function and `apply` your configuration again to recreate the function. (When you create a function, Lambda grants permissions on the KMS key to the function's IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function's role or recreating the function causes Lambda to update the grant.)\n\n\u003e To give an external source (like an EventBridge Rule, SNS, or S3) permission to access the Lambda function, use the `aws.lambda.Permission` resource. See [Lambda Permission Model](https://docs.aws.amazon.com/lambda/latest/dg/intro-permission-model.html) for more details. On the other hand, the `role` argument of this resource is the function's execution role for identity and access to AWS services and resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as archive from \"@pulumi/archive\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iamForLambda\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst lambda = archive.getFile({\n type: \"zip\",\n sourceFile: \"lambda.js\",\n outputPath: \"lambda_function_payload.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"testLambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n role: iamForLambda.arn,\n handler: \"index.test\",\n runtime: \"nodejs18.x\",\n environment: {\n variables: {\n foo: \"bar\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_archive as archive\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iamForLambda\", assume_role_policy=assume_role.json)\nlambda_ = archive.get_file(type=\"zip\",\n source_file=\"lambda.js\",\n output_path=\"lambda_function_payload.zip\")\ntest_lambda = aws.lambda_.Function(\"testLambda\",\n code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n runtime=\"nodejs18.x\",\n environment=aws.lambda_.FunctionEnvironmentArgs(\n variables={\n \"foo\": \"bar\",\n },\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Archive = Pulumi.Archive;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iamForLambda\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambda = Archive.GetFile.Invoke(new()\n {\n Type = \"zip\",\n SourceFile = \"lambda.js\",\n OutputPath = \"lambda_function_payload.zip\",\n });\n\n var testLambda = new Aws.Lambda.Function(\"testLambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n Runtime = \"nodejs18.x\",\n Environment = new Aws.Lambda.Inputs.FunctionEnvironmentArgs\n {\n Variables = \n {\n { \"foo\", \"bar\" },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-archive/sdk/go/archive\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iamForLambda\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = archive.LookupFile(ctx, \u0026archive.LookupFileArgs{\n\t\t\tType: \"zip\",\n\t\t\tSourceFile: pulumi.StringRef(\"lambda.js\"),\n\t\t\tOutputPath: \"lambda_function_payload.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"testLambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tRuntime: pulumi.String(\"nodejs18.x\"),\n\t\t\tEnvironment: \u0026lambda.FunctionEnvironmentArgs{\n\t\t\t\tVariables: pulumi.StringMap{\n\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.archive.ArchiveFunctions;\nimport com.pulumi.archive.inputs.GetFileArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEnvironmentArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambda = ArchiveFunctions.getFile(GetFileArgs.builder()\n .type(\"zip\")\n .sourceFile(\"lambda.js\")\n .outputPath(\"lambda_function_payload.zip\")\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .role(iamForLambda.arn())\n .handler(\"index.test\")\n .runtime(\"nodejs18.x\")\n .environment(FunctionEnvironmentArgs.builder()\n .variables(Map.of(\"foo\", \"bar\"))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n properties:\n # If the file is not in the current working directory you will need to include a\n # # path.module in the filename.\n code:\n fn::FileArchive: lambda_function_payload.zip\n role: ${iamForLambda.arn}\n handler: index.test\n runtime: nodejs18.x\n environment:\n variables:\n foo: bar\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n lambda:\n fn::invoke:\n Function: archive:getFile\n Arguments:\n type: zip\n sourceFile: lambda.js\n outputPath: lambda_function_payload.zip\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Layers\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLayerVersion = new aws.lambda.LayerVersion(\"exampleLayerVersion\", {});\n// ... other configuration ...\nconst exampleFunction = new aws.lambda.Function(\"exampleFunction\", {layers: [exampleLayerVersion.arn]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_layer_version = aws.lambda_.LayerVersion(\"exampleLayerVersion\")\n# ... other configuration ...\nexample_function = aws.lambda_.Function(\"exampleFunction\", layers=[example_layer_version.arn])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLayerVersion = new Aws.Lambda.LayerVersion(\"exampleLayerVersion\");\n\n // ... other configuration ...\n var exampleFunction = new Aws.Lambda.Function(\"exampleFunction\", new()\n {\n Layers = new[]\n {\n exampleLayerVersion.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLayerVersion, err := lambda.NewLayerVersion(ctx, \"exampleLayerVersion\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"exampleFunction\", \u0026lambda.FunctionArgs{\n\t\t\tLayers: pulumi.StringArray{\n\t\t\t\texampleLayerVersion.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lambda.LayerVersion;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLayerVersion = new LayerVersion(\"exampleLayerVersion\");\n\n var exampleFunction = new Function(\"exampleFunction\", FunctionArgs.builder() \n .layers(exampleLayerVersion.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLayerVersion:\n type: aws:lambda:LayerVersion\n exampleFunction:\n type: aws:lambda:Function\n properties:\n # ... other configuration ...\n layers:\n - ${exampleLayerVersion.arn}\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Ephemeral Storage\n\nLambda Function Ephemeral Storage(`/tmp`) allows you to configure the storage upto `10` GB. The default value set to `512` MB.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst iamForLambda = new aws.iam.Role(\"iamForLambda\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst testLambda = new aws.lambda.Function(\"testLambda\", {\n code: new pulumi.asset.FileArchive(\"lambda_function_payload.zip\"),\n role: iamForLambda.arn,\n handler: \"index.test\",\n runtime: \"nodejs18.x\",\n ephemeralStorage: {\n size: 10240,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"lambda.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\niam_for_lambda = aws.iam.Role(\"iamForLambda\", assume_role_policy=assume_role.json)\ntest_lambda = aws.lambda_.Function(\"testLambda\",\n code=pulumi.FileArchive(\"lambda_function_payload.zip\"),\n role=iam_for_lambda.arn,\n handler=\"index.test\",\n runtime=\"nodejs18.x\",\n ephemeral_storage=aws.lambda_.FunctionEphemeralStorageArgs(\n size=10240,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var iamForLambda = new Aws.Iam.Role(\"iamForLambda\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var testLambda = new Aws.Lambda.Function(\"testLambda\", new()\n {\n Code = new FileArchive(\"lambda_function_payload.zip\"),\n Role = iamForLambda.Arn,\n Handler = \"index.test\",\n Runtime = \"nodejs18.x\",\n EphemeralStorage = new Aws.Lambda.Inputs.FunctionEphemeralStorageArgs\n {\n Size = 10240,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamForLambda, err := iam.NewRole(ctx, \"iamForLambda\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"testLambda\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda_function_payload.zip\"),\n\t\t\tRole: iamForLambda.Arn,\n\t\t\tHandler: pulumi.String(\"index.test\"),\n\t\t\tRuntime: pulumi.String(\"nodejs18.x\"),\n\t\t\tEphemeralStorage: \u0026lambda.FunctionEphemeralStorageArgs{\n\t\t\t\tSize: pulumi.Int(10240),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionEphemeralStorageArgs;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var iamForLambda = new Role(\"iamForLambda\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .code(new FileArchive(\"lambda_function_payload.zip\"))\n .role(iamForLambda.arn())\n .handler(\"index.test\")\n .runtime(\"nodejs18.x\")\n .ephemeralStorage(FunctionEphemeralStorageArgs.builder()\n .size(10240)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n iamForLambda:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n testLambda:\n type: aws:lambda:Function\n properties:\n code:\n fn::FileArchive: lambda_function_payload.zip\n role: ${iamForLambda.arn}\n handler: index.test\n runtime: nodejs18.x\n ephemeralStorage:\n size: 10240\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n{{% /example %}}\n{{% example %}}\n### Lambda File Systems\n\nLambda File Systems allow you to connect an Amazon Elastic File System (EFS) file system to a Lambda function to share data across function invocations, access existing data including large files, and save function state.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// EFS file system\nconst efsForLambda = new aws.efs.FileSystem(\"efsForLambda\", {tags: {\n Name: \"efs_for_lambda\",\n}});\n// Mount target connects the file system to the subnet\nconst alpha = new aws.efs.MountTarget(\"alpha\", {\n fileSystemId: efsForLambda.id,\n subnetId: aws_subnet.subnet_for_lambda.id,\n securityGroups: [aws_security_group.sg_for_lambda.id],\n});\n// EFS access point used by lambda file system\nconst accessPointForLambda = new aws.efs.AccessPoint(\"accessPointForLambda\", {\n fileSystemId: efsForLambda.id,\n rootDirectory: {\n path: \"/lambda\",\n creationInfo: {\n ownerGid: 1000,\n ownerUid: 1000,\n permissions: \"777\",\n },\n },\n posixUser: {\n gid: 1000,\n uid: 1000,\n },\n});\n// A lambda function connected to an EFS file system\n// ... other configuration ...\nconst example = new aws.lambda.Function(\"example\", {\n fileSystemConfig: {\n arn: accessPointForLambda.arn,\n localMountPath: \"/mnt/efs\",\n },\n vpcConfig: {\n subnetIds: [aws_subnet.subnet_for_lambda.id],\n securityGroupIds: [aws_security_group.sg_for_lambda.id],\n },\n}, {\n dependsOn: [alpha],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# EFS file system\nefs_for_lambda = aws.efs.FileSystem(\"efsForLambda\", tags={\n \"Name\": \"efs_for_lambda\",\n})\n# Mount target connects the file system to the subnet\nalpha = aws.efs.MountTarget(\"alpha\",\n file_system_id=efs_for_lambda.id,\n subnet_id=aws_subnet[\"subnet_for_lambda\"][\"id\"],\n security_groups=[aws_security_group[\"sg_for_lambda\"][\"id\"]])\n# EFS access point used by lambda file system\naccess_point_for_lambda = aws.efs.AccessPoint(\"accessPointForLambda\",\n file_system_id=efs_for_lambda.id,\n root_directory=aws.efs.AccessPointRootDirectoryArgs(\n path=\"/lambda\",\n creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(\n owner_gid=1000,\n owner_uid=1000,\n permissions=\"777\",\n ),\n ),\n posix_user=aws.efs.AccessPointPosixUserArgs(\n gid=1000,\n uid=1000,\n ))\n# A lambda function connected to an EFS file system\n# ... other configuration ...\nexample = aws.lambda_.Function(\"example\",\n file_system_config=aws.lambda_.FunctionFileSystemConfigArgs(\n arn=access_point_for_lambda.arn,\n local_mount_path=\"/mnt/efs\",\n ),\n vpc_config=aws.lambda_.FunctionVpcConfigArgs(\n subnet_ids=[aws_subnet[\"subnet_for_lambda\"][\"id\"]],\n security_group_ids=[aws_security_group[\"sg_for_lambda\"][\"id\"]],\n ),\n opts=pulumi.ResourceOptions(depends_on=[alpha]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // EFS file system\n var efsForLambda = new Aws.Efs.FileSystem(\"efsForLambda\", new()\n {\n Tags = \n {\n { \"Name\", \"efs_for_lambda\" },\n },\n });\n\n // Mount target connects the file system to the subnet\n var alpha = new Aws.Efs.MountTarget(\"alpha\", new()\n {\n FileSystemId = efsForLambda.Id,\n SubnetId = aws_subnet.Subnet_for_lambda.Id,\n SecurityGroups = new[]\n {\n aws_security_group.Sg_for_lambda.Id,\n },\n });\n\n // EFS access point used by lambda file system\n var accessPointForLambda = new Aws.Efs.AccessPoint(\"accessPointForLambda\", new()\n {\n FileSystemId = efsForLambda.Id,\n RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs\n {\n Path = \"/lambda\",\n CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs\n {\n OwnerGid = 1000,\n OwnerUid = 1000,\n Permissions = \"777\",\n },\n },\n PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs\n {\n Gid = 1000,\n Uid = 1000,\n },\n });\n\n // A lambda function connected to an EFS file system\n // ... other configuration ...\n var example = new Aws.Lambda.Function(\"example\", new()\n {\n FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs\n {\n Arn = accessPointForLambda.Arn,\n LocalMountPath = \"/mnt/efs\",\n },\n VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs\n {\n SubnetIds = new[]\n {\n aws_subnet.Subnet_for_lambda.Id,\n },\n SecurityGroupIds = new[]\n {\n aws_security_group.Sg_for_lambda.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n alpha,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/efs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// EFS file system\n\t\tefsForLambda, err := efs.NewFileSystem(ctx, \"efsForLambda\", \u0026efs.FileSystemArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"efs_for_lambda\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Mount target connects the file system to the subnet\n\t\talpha, err := efs.NewMountTarget(ctx, \"alpha\", \u0026efs.MountTargetArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Subnet_for_lambda.Id),\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\taws_security_group.Sg_for_lambda.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// EFS access point used by lambda file system\n\t\taccessPointForLambda, err := efs.NewAccessPoint(ctx, \"accessPointForLambda\", \u0026efs.AccessPointArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tRootDirectory: \u0026efs.AccessPointRootDirectoryArgs{\n\t\t\t\tPath: pulumi.String(\"/lambda\"),\n\t\t\t\tCreationInfo: \u0026efs.AccessPointRootDirectoryCreationInfoArgs{\n\t\t\t\t\tOwnerGid: pulumi.Int(1000),\n\t\t\t\t\tOwnerUid: pulumi.Int(1000),\n\t\t\t\t\tPermissions: pulumi.String(\"777\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPosixUser: \u0026efs.AccessPointPosixUserArgs{\n\t\t\t\tGid: pulumi.Int(1000),\n\t\t\t\tUid: pulumi.Int(1000),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// A lambda function connected to an EFS file system\n\t\t// ... other configuration ...\n\t\t_, err = lambda.NewFunction(ctx, \"example\", \u0026lambda.FunctionArgs{\n\t\t\tFileSystemConfig: \u0026lambda.FunctionFileSystemConfigArgs{\n\t\t\t\tArn: accessPointForLambda.Arn,\n\t\t\t\tLocalMountPath: pulumi.String(\"/mnt/efs\"),\n\t\t\t},\n\t\t\tVpcConfig: \u0026lambda.FunctionVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\taws_subnet.Subnet_for_lambda.Id,\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\taws_security_group.Sg_for_lambda.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\talpha,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.efs.FileSystem;\nimport com.pulumi.aws.efs.FileSystemArgs;\nimport com.pulumi.aws.efs.MountTarget;\nimport com.pulumi.aws.efs.MountTargetArgs;\nimport com.pulumi.aws.efs.AccessPoint;\nimport com.pulumi.aws.efs.AccessPointArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointRootDirectoryCreationInfoArgs;\nimport com.pulumi.aws.efs.inputs.AccessPointPosixUserArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionFileSystemConfigArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionVpcConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var efsForLambda = new FileSystem(\"efsForLambda\", FileSystemArgs.builder() \n .tags(Map.of(\"Name\", \"efs_for_lambda\"))\n .build());\n\n var alpha = new MountTarget(\"alpha\", MountTargetArgs.builder() \n .fileSystemId(efsForLambda.id())\n .subnetId(aws_subnet.subnet_for_lambda().id())\n .securityGroups(aws_security_group.sg_for_lambda().id())\n .build());\n\n var accessPointForLambda = new AccessPoint(\"accessPointForLambda\", AccessPointArgs.builder() \n .fileSystemId(efsForLambda.id())\n .rootDirectory(AccessPointRootDirectoryArgs.builder()\n .path(\"/lambda\")\n .creationInfo(AccessPointRootDirectoryCreationInfoArgs.builder()\n .ownerGid(1000)\n .ownerUid(1000)\n .permissions(\"777\")\n .build())\n .build())\n .posixUser(AccessPointPosixUserArgs.builder()\n .gid(1000)\n .uid(1000)\n .build())\n .build());\n\n var example = new Function(\"example\", FunctionArgs.builder() \n .fileSystemConfig(FunctionFileSystemConfigArgs.builder()\n .arn(accessPointForLambda.arn())\n .localMountPath(\"/mnt/efs\")\n .build())\n .vpcConfig(FunctionVpcConfigArgs.builder()\n .subnetIds(aws_subnet.subnet_for_lambda().id())\n .securityGroupIds(aws_security_group.sg_for_lambda().id())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(alpha)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # A lambda function connected to an EFS file system\n example:\n type: aws:lambda:Function\n properties:\n fileSystemConfig:\n arn: ${accessPointForLambda.arn}\n localMountPath: /mnt/efs\n vpcConfig:\n subnetIds:\n - ${aws_subnet.subnet_for_lambda.id}\n securityGroupIds:\n - ${aws_security_group.sg_for_lambda.id}\n options:\n dependson:\n - ${alpha}\n # EFS file system\n efsForLambda:\n type: aws:efs:FileSystem\n properties:\n tags:\n Name: efs_for_lambda\n # Mount target connects the file system to the subnet\n alpha:\n type: aws:efs:MountTarget\n properties:\n fileSystemId: ${efsForLambda.id}\n subnetId: ${aws_subnet.subnet_for_lambda.id}\n securityGroups:\n - ${aws_security_group.sg_for_lambda.id}\n # EFS access point used by lambda file system\n accessPointForLambda:\n type: aws:efs:AccessPoint\n properties:\n fileSystemId: ${efsForLambda.id}\n rootDirectory:\n path: /lambda\n creationInfo:\n ownerGid: 1000\n ownerUid: 1000\n permissions: '777'\n posixUser:\n gid: 1000\n uid: 1000\n```\n{{% /example %}}\n### Lambda retries\n\nLambda Functions allow you to configure error handling for asynchronous invocation. The settings that it supports are `Maximum age of event` and `Retry attempts` as stated in [Lambda documentation for Configuring error handling for asynchronous invocation](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-errors). To configure these settings, refer to the aws.lambda.FunctionEventInvokeConfig resource.\n{{% example %}}\n### CloudWatch Logging and Permissions\n\nFor more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lambdaFunctionName = config.get(\"lambdaFunctionName\") || \"lambda_function_name\";\n// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nconst example = new aws.cloudwatch.LogGroup(\"example\", {retentionInDays: 14});\nconst lambdaLoggingPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:*\"],\n }],\n});\nconst lambdaLoggingPolicy = new aws.iam.Policy(\"lambdaLoggingPolicy\", {\n path: \"/\",\n description: \"IAM policy for logging from a lambda\",\n policy: lambdaLoggingPolicyDocument.then(lambdaLoggingPolicyDocument =\u003e lambdaLoggingPolicyDocument.json),\n});\nconst lambdaLogs = new aws.iam.RolePolicyAttachment(\"lambdaLogs\", {\n role: aws_iam_role.iam_for_lambda.name,\n policyArn: lambdaLoggingPolicy.arn,\n});\nconst testLambda = new aws.lambda.Function(\"testLambda\", {loggingConfig: {\n logFormat: \"Text\",\n}}, {\n dependsOn: [\n lambdaLogs,\n example,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlambda_function_name = config.get(\"lambdaFunctionName\")\nif lambda_function_name is None:\n lambda_function_name = \"lambda_function_name\"\n# This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n# If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nexample = aws.cloudwatch.LogGroup(\"example\", retention_in_days=14)\nlambda_logging_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:*\"],\n)])\nlambda_logging_policy = aws.iam.Policy(\"lambdaLoggingPolicy\",\n path=\"/\",\n description=\"IAM policy for logging from a lambda\",\n policy=lambda_logging_policy_document.json)\nlambda_logs = aws.iam.RolePolicyAttachment(\"lambdaLogs\",\n role=aws_iam_role[\"iam_for_lambda\"][\"name\"],\n policy_arn=lambda_logging_policy.arn)\ntest_lambda = aws.lambda_.Function(\"testLambda\", logging_config=aws.lambda_.FunctionLoggingConfigArgs(\n log_format=\"Text\",\n),\nopts=pulumi.ResourceOptions(depends_on=[\n lambda_logs,\n example,\n ]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var lambdaFunctionName = config.Get(\"lambdaFunctionName\") ?? \"lambda_function_name\";\n // This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n // If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n RetentionInDays = 14,\n });\n\n var lambdaLoggingPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:*\",\n },\n },\n },\n });\n\n var lambdaLoggingPolicy = new Aws.Iam.Policy(\"lambdaLoggingPolicy\", new()\n {\n Path = \"/\",\n Description = \"IAM policy for logging from a lambda\",\n PolicyDocument = lambdaLoggingPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaLogs = new Aws.Iam.RolePolicyAttachment(\"lambdaLogs\", new()\n {\n Role = aws_iam_role.Iam_for_lambda.Name,\n PolicyArn = lambdaLoggingPolicy.Arn,\n });\n\n var testLambda = new Aws.Lambda.Function(\"testLambda\", new()\n {\n LoggingConfig = new Aws.Lambda.Inputs.FunctionLoggingConfigArgs\n {\n LogFormat = \"Text\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n lambdaLogs,\n example,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlambdaFunctionName := \"lambda_function_name\"\n\t\tif param := cfg.Get(\"lambdaFunctionName\"); param != \"\" {\n\t\t\tlambdaFunctionName = param\n\t\t}\n\t\t// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n\t\t// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLoggingPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogGroup\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLoggingPolicy, err := iam.NewPolicy(ctx, \"lambdaLoggingPolicy\", \u0026iam.PolicyArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tDescription: pulumi.String(\"IAM policy for logging from a lambda\"),\n\t\t\tPolicy: *pulumi.String(lambdaLoggingPolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLogs, err := iam.NewRolePolicyAttachment(ctx, \"lambdaLogs\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: pulumi.Any(aws_iam_role.Iam_for_lambda.Name),\n\t\t\tPolicyArn: lambdaLoggingPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"testLambda\", \u0026lambda.FunctionArgs{\n\t\t\tLoggingConfig: \u0026lambda.FunctionLoggingConfigArgs{\n\t\t\t\tLogFormat: pulumi.String(\"Text\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tlambdaLogs,\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.lambda.inputs.FunctionLoggingConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var lambdaFunctionName = config.get(\"lambdaFunctionName\").orElse(\"lambda_function_name\");\n var example = new LogGroup(\"example\", LogGroupArgs.builder() \n .retentionInDays(14)\n .build());\n\n final var lambdaLoggingPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:*\")\n .build())\n .build());\n\n var lambdaLoggingPolicy = new Policy(\"lambdaLoggingPolicy\", PolicyArgs.builder() \n .path(\"/\")\n .description(\"IAM policy for logging from a lambda\")\n .policy(lambdaLoggingPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambdaLogs = new RolePolicyAttachment(\"lambdaLogs\", RolePolicyAttachmentArgs.builder() \n .role(aws_iam_role.iam_for_lambda().name())\n .policyArn(lambdaLoggingPolicy.arn())\n .build());\n\n var testLambda = new Function(\"testLambda\", FunctionArgs.builder() \n .loggingConfig(FunctionLoggingConfigArgs.builder()\n .logFormat(\"Text\")\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn( \n lambdaLogs,\n example)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n lambdaFunctionName:\n type: string\n default: lambda_function_name\nresources:\n testLambda:\n type: aws:lambda:Function\n properties:\n loggingConfig:\n logFormat: Text\n options:\n dependson:\n - ${lambdaLogs}\n - ${example}\n # This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n # If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n retentionInDays: 14\n lambdaLoggingPolicy:\n type: aws:iam:Policy\n properties:\n path: /\n description: IAM policy for logging from a lambda\n policy: ${lambdaLoggingPolicyDocument.json}\n lambdaLogs:\n type: aws:iam:RolePolicyAttachment\n properties:\n role: ${aws_iam_role.iam_for_lambda.name}\n policyArn: ${lambdaLoggingPolicy.arn}\nvariables:\n lambdaLoggingPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - logs:CreateLogGroup\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:*\n```\n{{% /example %}}\n{{% /examples %}}\n## Specifying the Deployment Package\n\nAWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which `runtime` is in use. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for the valid values of `runtime`. The expected structure of the deployment package can be found in [the AWS Lambda documentation for each runtime](https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html).\n\nOnce you have created your deployment package you can specify it either directly as a local file (using the `filename` argument) or indirectly via Amazon S3 (using the `s3_bucket`, `s3_key` and `s3_object_version` arguments). When providing the deployment package via S3 it may be useful to use the `aws.s3.BucketObjectv2` resource to upload it.\n\nFor larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.\n\n\n## Import\n\nUsing `pulumi import`, import Lambda Functions using the `function_name`. For example:\n\n```sh\n $ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function\n```\n ", "properties": { "architectures": { "type": "array", @@ -268631,7 +268631,7 @@ } }, "aws:lightsail/containerService:ContainerService": { - "description": "An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run,\nand manage containers. For more information, see\n[Container services in Amazon Lightsail](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-container-services).\n\n\u003e **Note:** For more information about the AWS Regions in which you can create Amazon Lightsail container services,\nsee [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"myContainerService\", {\n isDisabled: false,\n power: \"nano\",\n scale: 1,\n tags: {\n foo1: \"bar1\",\n foo2: \"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"myContainerService\",\n is_disabled=False,\n power=\"nano\",\n scale=1,\n tags={\n \"foo1\": \"bar1\",\n \"foo2\": \"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"myContainerService\", new()\n {\n IsDisabled = false,\n Power = \"nano\",\n Scale = 1,\n Tags = \n {\n { \"foo1\", \"bar1\" },\n { \"foo2\", \"\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"myContainerService\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tIsDisabled: pulumi.Bool(false),\n\t\t\tPower: pulumi.String(\"nano\"),\n\t\t\tScale: pulumi.Int(1),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo1\": pulumi.String(\"bar1\"),\n\t\t\t\t\"foo2\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder() \n .isDisabled(false)\n .power(\"nano\")\n .scale(1)\n .tags(Map.ofEntries(\n Map.entry(\"foo1\", \"bar1\"),\n Map.entry(\"foo2\", \"\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n properties:\n isDisabled: false\n power: nano\n scale: 1\n tags:\n foo1: bar1\n foo2:\n```\n{{% /example %}}\n{{% example %}}\n### Public Domain Names\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"myContainerService\", {publicDomainNames: {\n certificates: [{\n certificateName: \"example-certificate\",\n domainNames: [\"www.example.com\"],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"myContainerService\", public_domain_names=aws.lightsail.ContainerServicePublicDomainNamesArgs(\n certificates=[aws.lightsail.ContainerServicePublicDomainNamesCertificateArgs(\n certificate_name=\"example-certificate\",\n domain_names=[\"www.example.com\"],\n )],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"myContainerService\", new()\n {\n PublicDomainNames = new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesArgs\n {\n Certificates = new[]\n {\n new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesCertificateArgs\n {\n CertificateName = \"example-certificate\",\n DomainNames = new[]\n {\n \"www.example.com\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"myContainerService\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tPublicDomainNames: \u0026lightsail.ContainerServicePublicDomainNamesArgs{\n\t\t\t\tCertificates: lightsail.ContainerServicePublicDomainNamesCertificateArray{\n\t\t\t\t\t\u0026lightsail.ContainerServicePublicDomainNamesCertificateArgs{\n\t\t\t\t\t\tCertificateName: pulumi.String(\"example-certificate\"),\n\t\t\t\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePublicDomainNamesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder() \n .publicDomainNames(ContainerServicePublicDomainNamesArgs.builder()\n .certificates(ContainerServicePublicDomainNamesCertificateArgs.builder()\n .certificateName(\"example-certificate\")\n .domainNames(\"www.example.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n properties:\n publicDomainNames:\n certificates:\n - certificateName: example-certificate\n domainNames:\n - www.example.com\n```\n{{% /example %}}\n{{% example %}}\n### Private Registry Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst defaultContainerService = new aws.lightsail.ContainerService(\"defaultContainerService\", {privateRegistryAccess: {\n ecrImagePullerRole: {\n isActive: true,\n },\n}});\nconst defaultPolicyDocument = defaultContainerService.privateRegistryAccess.apply(privateRegistryAccess =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [privateRegistryAccess.ecrImagePullerRole?.principalArn],\n }],\n actions: [\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n }],\n}));\nconst defaultRepositoryPolicy = new aws.ecr.RepositoryPolicy(\"defaultRepositoryPolicy\", {\n repository: aws_ecr_repository[\"default\"].name,\n policy: defaultPolicyDocument.apply(defaultPolicyDocument =\u003e defaultPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\ndefault_container_service = aws.lightsail.ContainerService(\"defaultContainerService\", private_registry_access=aws.lightsail.ContainerServicePrivateRegistryAccessArgs(\n ecr_image_puller_role=aws.lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs(\n is_active=True,\n ),\n))\ndefault_policy_document = default_container_service.private_registry_access.apply(lambda private_registry_access: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[private_registry_access.ecr_image_puller_role.principal_arn],\n )],\n actions=[\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n)]))\ndefault_repository_policy = aws.ecr.RepositoryPolicy(\"defaultRepositoryPolicy\",\n repository=aws_ecr_repository[\"default\"][\"name\"],\n policy=default_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var defaultContainerService = new Aws.LightSail.ContainerService(\"defaultContainerService\", new()\n {\n PrivateRegistryAccess = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessArgs\n {\n EcrImagePullerRole = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs\n {\n IsActive = true,\n },\n },\n });\n\n var defaultPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n defaultContainerService.PrivateRegistryAccess.EcrImagePullerRole?.PrincipalArn,\n },\n },\n },\n Actions = new[]\n {\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n },\n },\n },\n });\n\n var defaultRepositoryPolicy = new Aws.Ecr.RepositoryPolicy(\"defaultRepositoryPolicy\", new()\n {\n Repository = aws_ecr_repository.Default.Name,\n Policy = defaultPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ndefaultContainerService, err := lightsail.NewContainerService(ctx, \"defaultContainerService\", \u0026lightsail.ContainerServiceArgs{\nPrivateRegistryAccess: \u0026lightsail.ContainerServicePrivateRegistryAccessArgs{\nEcrImagePullerRole: \u0026lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs{\nIsActive: pulumi.Bool(true),\n},\n},\n})\nif err != nil {\nreturn err\n}\ndefaultPolicyDocument := defaultContainerService.PrivateRegistryAccess.ApplyT(func(privateRegistryAccess lightsail.ContainerServicePrivateRegistryAccess) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nprivateRegistryAccess.EcrImagePullerRole.PrincipalArn,\n},\n},\n},\nActions: []string{\n\"ecr:BatchGetImage\",\n\"ecr:GetDownloadUrlForLayer\",\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = ecr.NewRepositoryPolicy(ctx, \"defaultRepositoryPolicy\", \u0026ecr.RepositoryPolicyArgs{\nRepository: pulumi.Any(aws_ecr_repository.Default.Name),\nPolicy: defaultPolicyDocument.ApplyT(func(defaultPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026defaultPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ecr.RepositoryPolicy;\nimport com.pulumi.aws.ecr.RepositoryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultContainerService = new ContainerService(\"defaultContainerService\", ContainerServiceArgs.builder() \n .privateRegistryAccess(ContainerServicePrivateRegistryAccessArgs.builder()\n .ecrImagePullerRole(ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs.builder()\n .isActive(true)\n .build())\n .build())\n .build());\n\n final var defaultPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(defaultContainerService.privateRegistryAccess().applyValue(privateRegistryAccess -\u003e privateRegistryAccess.ecrImagePullerRole().principalArn()))\n .build())\n .actions( \n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\")\n .build())\n .build());\n\n var defaultRepositoryPolicy = new RepositoryPolicy(\"defaultRepositoryPolicy\", RepositoryPolicyArgs.builder() \n .repository(aws_ecr_repository.default().name())\n .policy(defaultPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(defaultPolicyDocument -\u003e defaultPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultContainerService:\n type: aws:lightsail:ContainerService\n properties:\n privateRegistryAccess:\n ecrImagePullerRole:\n isActive: true\n defaultRepositoryPolicy:\n type: aws:ecr:RepositoryPolicy\n properties:\n repository: ${aws_ecr_repository.default.name}\n policy: ${defaultPolicyDocument.json}\nvariables:\n defaultPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${defaultContainerService.privateRegistryAccess.ecrImagePullerRole.principalArn}\n actions:\n - ecr:BatchGetImage\n - ecr:GetDownloadUrlForLayer\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Lightsail Container Service using the `name`. For example:\n\n```sh\n $ pulumi import aws:lightsail/containerService:ContainerService my_container_service container-service-1\n```\n ", + "description": "An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run,\nand manage containers. For more information, see\n[Container services in Amazon Lightsail](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-container-services).\n\n\u003e **Note:** For more information about the AWS Regions in which you can create Amazon Lightsail container services,\nsee [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"myContainerService\", {\n isDisabled: false,\n power: \"nano\",\n scale: 1,\n tags: {\n foo1: \"bar1\",\n foo2: \"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"myContainerService\",\n is_disabled=False,\n power=\"nano\",\n scale=1,\n tags={\n \"foo1\": \"bar1\",\n \"foo2\": \"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"myContainerService\", new()\n {\n IsDisabled = false,\n Power = \"nano\",\n Scale = 1,\n Tags = \n {\n { \"foo1\", \"bar1\" },\n { \"foo2\", \"\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"myContainerService\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tIsDisabled: pulumi.Bool(false),\n\t\t\tPower: pulumi.String(\"nano\"),\n\t\t\tScale: pulumi.Int(1),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo1\": pulumi.String(\"bar1\"),\n\t\t\t\t\"foo2\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder() \n .isDisabled(false)\n .power(\"nano\")\n .scale(1)\n .tags(Map.ofEntries(\n Map.entry(\"foo1\", \"bar1\"),\n Map.entry(\"foo2\", \"\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n properties:\n isDisabled: false\n power: nano\n scale: 1\n tags:\n foo1: bar1\n foo2:\n```\n{{% /example %}}\n{{% example %}}\n### Public Domain Names\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"myContainerService\", {publicDomainNames: {\n certificates: [{\n certificateName: \"example-certificate\",\n domainNames: [\"www.example.com\"],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"myContainerService\", public_domain_names=aws.lightsail.ContainerServicePublicDomainNamesArgs(\n certificates=[aws.lightsail.ContainerServicePublicDomainNamesCertificateArgs(\n certificate_name=\"example-certificate\",\n domain_names=[\"www.example.com\"],\n )],\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"myContainerService\", new()\n {\n PublicDomainNames = new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesArgs\n {\n Certificates = new[]\n {\n new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesCertificateArgs\n {\n CertificateName = \"example-certificate\",\n DomainNames = new[]\n {\n \"www.example.com\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"myContainerService\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tPublicDomainNames: \u0026lightsail.ContainerServicePublicDomainNamesArgs{\n\t\t\t\tCertificates: lightsail.ContainerServicePublicDomainNamesCertificateArray{\n\t\t\t\t\t\u0026lightsail.ContainerServicePublicDomainNamesCertificateArgs{\n\t\t\t\t\t\tCertificateName: pulumi.String(\"example-certificate\"),\n\t\t\t\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePublicDomainNamesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder() \n .publicDomainNames(ContainerServicePublicDomainNamesArgs.builder()\n .certificates(ContainerServicePublicDomainNamesCertificateArgs.builder()\n .certificateName(\"example-certificate\")\n .domainNames(\"www.example.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n properties:\n publicDomainNames:\n certificates:\n - certificateName: example-certificate\n domainNames:\n - www.example.com\n```\n{{% /example %}}\n{{% example %}}\n### Private Registry Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst defaultContainerService = new aws.lightsail.ContainerService(\"defaultContainerService\", {privateRegistryAccess: {\n ecrImagePullerRole: {\n isActive: true,\n },\n}});\nconst defaultPolicyDocument = defaultContainerService.privateRegistryAccess.apply(privateRegistryAccess =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [privateRegistryAccess.ecrImagePullerRole?.principalArn],\n }],\n actions: [\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n }],\n}));\nconst defaultRepositoryPolicy = new aws.ecr.RepositoryPolicy(\"defaultRepositoryPolicy\", {\n repository: aws_ecr_repository[\"default\"].name,\n policy: defaultPolicyDocument.apply(defaultPolicyDocument =\u003e defaultPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\ndefault_container_service = aws.lightsail.ContainerService(\"defaultContainerService\", private_registry_access=aws.lightsail.ContainerServicePrivateRegistryAccessArgs(\n ecr_image_puller_role=aws.lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs(\n is_active=True,\n ),\n))\ndefault_policy_document = default_container_service.private_registry_access.apply(lambda private_registry_access: aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[private_registry_access.ecr_image_puller_role.principal_arn],\n )],\n actions=[\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n)]))\ndefault_repository_policy = aws.ecr.RepositoryPolicy(\"defaultRepositoryPolicy\",\n repository=aws_ecr_repository[\"default\"][\"name\"],\n policy=default_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var defaultContainerService = new Aws.LightSail.ContainerService(\"defaultContainerService\", new()\n {\n PrivateRegistryAccess = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessArgs\n {\n EcrImagePullerRole = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs\n {\n IsActive = true,\n },\n },\n });\n\n var defaultPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n defaultContainerService.PrivateRegistryAccess.EcrImagePullerRole?.PrincipalArn,\n },\n },\n },\n Actions = new[]\n {\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n },\n },\n },\n });\n\n var defaultRepositoryPolicy = new Aws.Ecr.RepositoryPolicy(\"defaultRepositoryPolicy\", new()\n {\n Repository = aws_ecr_repository.Default.Name,\n Policy = defaultPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\n// ... other configuration ...\ndefaultContainerService, err := lightsail.NewContainerService(ctx, \"defaultContainerService\", \u0026lightsail.ContainerServiceArgs{\nPrivateRegistryAccess: \u0026lightsail.ContainerServicePrivateRegistryAccessArgs{\nEcrImagePullerRole: \u0026lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs{\nIsActive: pulumi.Bool(true),\n},\n},\n})\nif err != nil {\nreturn err\n}\ndefaultPolicyDocument := defaultContainerService.PrivateRegistryAccess.ApplyT(func(privateRegistryAccess lightsail.ContainerServicePrivateRegistryAccess) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nprivateRegistryAccess.EcrImagePullerRole.PrincipalArn,\n},\n},\n},\nActions: []string{\n\"ecr:BatchGetImage\",\n\"ecr:GetDownloadUrlForLayer\",\n},\n},\n},\n}, nil), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = ecr.NewRepositoryPolicy(ctx, \"defaultRepositoryPolicy\", \u0026ecr.RepositoryPolicyArgs{\nRepository: pulumi.Any(aws_ecr_repository.Default.Name),\nPolicy: defaultPolicyDocument.ApplyT(func(defaultPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026defaultPolicyDocument.Json, nil\n}).(pulumi.StringPtrOutput),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ecr.RepositoryPolicy;\nimport com.pulumi.aws.ecr.RepositoryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultContainerService = new ContainerService(\"defaultContainerService\", ContainerServiceArgs.builder() \n .privateRegistryAccess(ContainerServicePrivateRegistryAccessArgs.builder()\n .ecrImagePullerRole(ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs.builder()\n .isActive(true)\n .build())\n .build())\n .build());\n\n final var defaultPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(defaultContainerService.privateRegistryAccess().applyValue(privateRegistryAccess -\u003e privateRegistryAccess.ecrImagePullerRole().principalArn()))\n .build())\n .actions( \n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\")\n .build())\n .build());\n\n var defaultRepositoryPolicy = new RepositoryPolicy(\"defaultRepositoryPolicy\", RepositoryPolicyArgs.builder() \n .repository(aws_ecr_repository.default().name())\n .policy(defaultPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(defaultPolicyDocument -\u003e defaultPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultContainerService:\n type: aws:lightsail:ContainerService\n properties:\n privateRegistryAccess:\n ecrImagePullerRole:\n isActive: true\n defaultRepositoryPolicy:\n type: aws:ecr:RepositoryPolicy\n properties:\n repository: ${aws_ecr_repository.default.name}\n policy: ${defaultPolicyDocument.json}\nvariables:\n defaultPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${defaultContainerService.privateRegistryAccess.ecrImagePullerRole.principalArn}\n actions:\n - ecr:BatchGetImage\n - ecr:GetDownloadUrlForLayer\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Lightsail Container Service using the `name`. For example:\n\n```sh\n $ pulumi import aws:lightsail/containerService:ContainerService my_container_service container-service-1\n```\n ", "properties": { "arn": { "type": "string", @@ -269916,7 +269916,7 @@ } }, "aws:lightsail/instance:Instance": { - "description": "Provides a Lightsail Instance. Amazon Lightsail is a service to provide easy virtual private servers\nwith custom software already setup. See [What is Amazon Lightsail?](https://lightsail.aws.amazon.com/ls/docs/getting-started/article/what-is-amazon-lightsail)\nfor more information.\n\n\u003e **Note:** Lightsail is currently only supported in a limited number of AWS Regions, please see [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail) for more details\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new GitLab Lightsail Instance\nconst gitlabTest = new aws.lightsail.Instance(\"gitlabTest\", {\n availabilityZone: \"us-east-1b\",\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n keyPairName: \"some_key_name\",\n tags: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new GitLab Lightsail Instance\ngitlab_test = aws.lightsail.Instance(\"gitlabTest\",\n availability_zone=\"us-east-1b\",\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\",\n key_pair_name=\"some_key_name\",\n tags={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new GitLab Lightsail Instance\n var gitlabTest = new Aws.LightSail.Instance(\"gitlabTest\", new()\n {\n AvailabilityZone = \"us-east-1b\",\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n KeyPairName = \"some_key_name\",\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewInstance(ctx, \"gitlabTest\", \u0026lightsail.InstanceArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t\tKeyPairName: pulumi.String(\"some_key_name\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gitlabTest = new Instance(\"gitlabTest\", InstanceArgs.builder() \n .availabilityZone(\"us-east-1b\")\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .keyPairName(\"some_key_name\")\n .tags(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new GitLab Lightsail Instance\n gitlabTest:\n type: aws:lightsail:Instance\n properties:\n availabilityZone: us-east-1b\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n keyPairName: some_key_name\n tags:\n foo: bar\n```\n{{% /example %}}\n{{% example %}}\n### Example With User Data\n\nLightsail user data is handled differently than ec2 user data. Lightsail user data only accepts a single lined string. The below example shows installing apache and creating the index page.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst custom = new aws.lightsail.Instance(\"custom\", {\n availabilityZone: \"us-east-1b\",\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n userData: \"sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncustom = aws.lightsail.Instance(\"custom\",\n availability_zone=\"us-east-1b\",\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\",\n user_data=\"sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var custom = new Aws.LightSail.Instance(\"custom\", new()\n {\n AvailabilityZone = \"us-east-1b\",\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n UserData = \"sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewInstance(ctx, \"custom\", \u0026lightsail.InstanceArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t\tUserData: pulumi.String(\"sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var custom = new Instance(\"custom\", InstanceArgs.builder() \n .availabilityZone(\"us-east-1b\")\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .userData(\"sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n custom:\n type: aws:lightsail:Instance\n properties:\n availabilityZone: us-east-1b\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n userData: sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\n```\n{{% /example %}}\n{{% example %}}\n### Enable Auto Snapshots\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.lightsail.Instance(\"test\", {\n addOn: {\n snapshotTime: \"06:00\",\n status: \"Enabled\",\n type: \"AutoSnapshot\",\n },\n availabilityZone: \"us-east-1b\",\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n tags: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lightsail.Instance(\"test\",\n add_on=aws.lightsail.InstanceAddOnArgs(\n snapshot_time=\"06:00\",\n status=\"Enabled\",\n type=\"AutoSnapshot\",\n ),\n availability_zone=\"us-east-1b\",\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\",\n tags={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.LightSail.Instance(\"test\", new()\n {\n AddOn = new Aws.LightSail.Inputs.InstanceAddOnArgs\n {\n SnapshotTime = \"06:00\",\n Status = \"Enabled\",\n Type = \"AutoSnapshot\",\n },\n AvailabilityZone = \"us-east-1b\",\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewInstance(ctx, \"test\", \u0026lightsail.InstanceArgs{\n\t\t\tAddOn: \u0026lightsail.InstanceAddOnArgs{\n\t\t\t\tSnapshotTime: pulumi.String(\"06:00\"),\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\tType: pulumi.String(\"AutoSnapshot\"),\n\t\t\t},\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport com.pulumi.aws.lightsail.inputs.InstanceAddOnArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Instance(\"test\", InstanceArgs.builder() \n .addOn(InstanceAddOnArgs.builder()\n .snapshotTime(\"06:00\")\n .status(\"Enabled\")\n .type(\"AutoSnapshot\")\n .build())\n .availabilityZone(\"us-east-1b\")\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .tags(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Instance\n properties:\n addOn:\n snapshotTime: 06:00\n status: Enabled\n type: AutoSnapshot\n availabilityZone: us-east-1b\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n tags:\n foo: bar\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Lightsail Instances using their name. For example:\n\n```sh\n $ pulumi import aws:lightsail/instance:Instance gitlab_test 'custom_gitlab'\n```\n ", + "description": "Provides a Lightsail Instance. Amazon Lightsail is a service to provide easy virtual private servers\nwith custom software already setup. See [What is Amazon Lightsail?](https://lightsail.aws.amazon.com/ls/docs/getting-started/article/what-is-amazon-lightsail)\nfor more information.\n\n\u003e **Note:** Lightsail is currently only supported in a limited number of AWS Regions, please see [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail) for more details\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new GitLab Lightsail Instance\nconst gitlabTest = new aws.lightsail.Instance(\"gitlabTest\", {\n availabilityZone: \"us-east-1b\",\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n keyPairName: \"some_key_name\",\n tags: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new GitLab Lightsail Instance\ngitlab_test = aws.lightsail.Instance(\"gitlabTest\",\n availability_zone=\"us-east-1b\",\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\",\n key_pair_name=\"some_key_name\",\n tags={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new GitLab Lightsail Instance\n var gitlabTest = new Aws.LightSail.Instance(\"gitlabTest\", new()\n {\n AvailabilityZone = \"us-east-1b\",\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n KeyPairName = \"some_key_name\",\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new GitLab Lightsail Instance\n\t\t_, err := lightsail.NewInstance(ctx, \"gitlabTest\", \u0026lightsail.InstanceArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t\tKeyPairName: pulumi.String(\"some_key_name\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var gitlabTest = new Instance(\"gitlabTest\", InstanceArgs.builder() \n .availabilityZone(\"us-east-1b\")\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .keyPairName(\"some_key_name\")\n .tags(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a new GitLab Lightsail Instance\n gitlabTest:\n type: aws:lightsail:Instance\n properties:\n availabilityZone: us-east-1b\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n keyPairName: some_key_name\n tags:\n foo: bar\n```\n{{% /example %}}\n{{% example %}}\n### Example With User Data\n\nLightsail user data is handled differently than ec2 user data. Lightsail user data only accepts a single lined string. The below example shows installing apache and creating the index page.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst custom = new aws.lightsail.Instance(\"custom\", {\n availabilityZone: \"us-east-1b\",\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n userData: \"sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncustom = aws.lightsail.Instance(\"custom\",\n availability_zone=\"us-east-1b\",\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\",\n user_data=\"sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var custom = new Aws.LightSail.Instance(\"custom\", new()\n {\n AvailabilityZone = \"us-east-1b\",\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n UserData = \"sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewInstance(ctx, \"custom\", \u0026lightsail.InstanceArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t\tUserData: pulumi.String(\"sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var custom = new Instance(\"custom\", InstanceArgs.builder() \n .availabilityZone(\"us-east-1b\")\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .userData(\"sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n custom:\n type: aws:lightsail:Instance\n properties:\n availabilityZone: us-east-1b\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n userData: sudo yum install -y httpd \u0026\u0026 sudo systemctl start httpd \u0026\u0026 sudo systemctl enable httpd \u0026\u0026 echo '\u003ch1\u003eDeployed via Pulumi\u003c/h1\u003e' | sudo tee /var/www/html/index.html\n```\n{{% /example %}}\n{{% example %}}\n### Enable Auto Snapshots\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.lightsail.Instance(\"test\", {\n addOn: {\n snapshotTime: \"06:00\",\n status: \"Enabled\",\n type: \"AutoSnapshot\",\n },\n availabilityZone: \"us-east-1b\",\n blueprintId: \"amazon_linux_2\",\n bundleId: \"nano_1_0\",\n tags: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lightsail.Instance(\"test\",\n add_on=aws.lightsail.InstanceAddOnArgs(\n snapshot_time=\"06:00\",\n status=\"Enabled\",\n type=\"AutoSnapshot\",\n ),\n availability_zone=\"us-east-1b\",\n blueprint_id=\"amazon_linux_2\",\n bundle_id=\"nano_1_0\",\n tags={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = new Aws.LightSail.Instance(\"test\", new()\n {\n AddOn = new Aws.LightSail.Inputs.InstanceAddOnArgs\n {\n SnapshotTime = \"06:00\",\n Status = \"Enabled\",\n Type = \"AutoSnapshot\",\n },\n AvailabilityZone = \"us-east-1b\",\n BlueprintId = \"amazon_linux_2\",\n BundleId = \"nano_1_0\",\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewInstance(ctx, \"test\", \u0026lightsail.InstanceArgs{\n\t\t\tAddOn: \u0026lightsail.InstanceAddOnArgs{\n\t\t\t\tSnapshotTime: pulumi.String(\"06:00\"),\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\tType: pulumi.String(\"AutoSnapshot\"),\n\t\t\t},\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux_2\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.Instance;\nimport com.pulumi.aws.lightsail.InstanceArgs;\nimport com.pulumi.aws.lightsail.inputs.InstanceAddOnArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new Instance(\"test\", InstanceArgs.builder() \n .addOn(InstanceAddOnArgs.builder()\n .snapshotTime(\"06:00\")\n .status(\"Enabled\")\n .type(\"AutoSnapshot\")\n .build())\n .availabilityZone(\"us-east-1b\")\n .blueprintId(\"amazon_linux_2\")\n .bundleId(\"nano_1_0\")\n .tags(Map.of(\"foo\", \"bar\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n test:\n type: aws:lightsail:Instance\n properties:\n addOn:\n snapshotTime: 06:00\n status: Enabled\n type: AutoSnapshot\n availabilityZone: us-east-1b\n blueprintId: amazon_linux_2\n bundleId: nano_1_0\n tags:\n foo: bar\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Lightsail Instances using their name. For example:\n\n```sh\n $ pulumi import aws:lightsail/instance:Instance gitlab_test 'custom_gitlab'\n```\n ", "properties": { "addOn": { "$ref": "#/types/aws:lightsail/InstanceAddOn:InstanceAddOn", @@ -270233,7 +270233,7 @@ } }, "aws:lightsail/keyPair:KeyPair": { - "description": "Provides a Lightsail Key Pair, for use with Lightsail Instances. These key pairs\nare separate from EC2 Key Pairs, and must be created or imported for use with\nLightsail.\n\n\u003e **Note:** Lightsail is currently only supported in a limited number of AWS Regions, please see [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail) for more details\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Create New Key Pair\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new Lightsail Key Pair\nconst lgKeyPair = new aws.lightsail.KeyPair(\"lgKeyPair\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new Lightsail Key Pair\nlg_key_pair = aws.lightsail.KeyPair(\"lgKeyPair\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new Lightsail Key Pair\n var lgKeyPair = new Aws.LightSail.KeyPair(\"lgKeyPair\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewKeyPair(ctx, \"lgKeyPair\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.KeyPair;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lgKeyPair = new KeyPair(\"lgKeyPair\");\n\n }\n}\n```\n```yaml\nresources:\n # Create a new Lightsail Key Pair\n lgKeyPair:\n type: aws:lightsail:KeyPair\n```\n{{% /example %}}\n{{% example %}}\n### Create New Key Pair with PGP Encrypted Private Key\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lgKeyPair = new aws.lightsail.KeyPair(\"lgKeyPair\", {pgpKey: \"keybase:keybaseusername\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlg_key_pair = aws.lightsail.KeyPair(\"lgKeyPair\", pgp_key=\"keybase:keybaseusername\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lgKeyPair = new Aws.LightSail.KeyPair(\"lgKeyPair\", new()\n {\n PgpKey = \"keybase:keybaseusername\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewKeyPair(ctx, \"lgKeyPair\", \u0026lightsail.KeyPairArgs{\n\t\t\tPgpKey: pulumi.String(\"keybase:keybaseusername\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.KeyPair;\nimport com.pulumi.aws.lightsail.KeyPairArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lgKeyPair = new KeyPair(\"lgKeyPair\", KeyPairArgs.builder() \n .pgpKey(\"keybase:keybaseusername\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n lgKeyPair:\n type: aws:lightsail:KeyPair\n properties:\n pgpKey: keybase:keybaseusername\n```\n{{% /example %}}\n{{% example %}}\n### Existing Public Key Import\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\n\nconst lgKeyPair = new aws.lightsail.KeyPair(\"lgKeyPair\", {publicKey: fs.readFileSync(\"~/.ssh/id_rsa.pub\", \"utf8\")});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlg_key_pair = aws.lightsail.KeyPair(\"lgKeyPair\", public_key=(lambda path: open(path).read())(\"~/.ssh/id_rsa.pub\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lgKeyPair = new Aws.LightSail.KeyPair(\"lgKeyPair\", new()\n {\n PublicKey = File.ReadAllText(\"~/.ssh/id_rsa.pub\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewKeyPair(ctx, \"lgKeyPair\", \u0026lightsail.KeyPairArgs{\n\t\t\tPublicKey: readFileOrPanic(\"~/.ssh/id_rsa.pub\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.KeyPair;\nimport com.pulumi.aws.lightsail.KeyPairArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lgKeyPair = new KeyPair(\"lgKeyPair\", KeyPairArgs.builder() \n .publicKey(Files.readString(Paths.get(\"~/.ssh/id_rsa.pub\")))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n lgKeyPair:\n type: aws:lightsail:KeyPair\n properties:\n publicKey:\n fn::readFile: ~/.ssh/id_rsa.pub\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nYou cannot import Lightsail Key Pairs because the private and public key are only available on initial creation.\n\n ", + "description": "Provides a Lightsail Key Pair, for use with Lightsail Instances. These key pairs\nare separate from EC2 Key Pairs, and must be created or imported for use with\nLightsail.\n\n\u003e **Note:** Lightsail is currently only supported in a limited number of AWS Regions, please see [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail) for more details\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Create New Key Pair\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new Lightsail Key Pair\nconst lgKeyPair = new aws.lightsail.KeyPair(\"lgKeyPair\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new Lightsail Key Pair\nlg_key_pair = aws.lightsail.KeyPair(\"lgKeyPair\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Create a new Lightsail Key Pair\n var lgKeyPair = new Aws.LightSail.KeyPair(\"lgKeyPair\");\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Create a new Lightsail Key Pair\n\t\t_, err := lightsail.NewKeyPair(ctx, \"lgKeyPair\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.KeyPair;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lgKeyPair = new KeyPair(\"lgKeyPair\");\n\n }\n}\n```\n```yaml\nresources:\n # Create a new Lightsail Key Pair\n lgKeyPair:\n type: aws:lightsail:KeyPair\n```\n{{% /example %}}\n{{% example %}}\n### Create New Key Pair with PGP Encrypted Private Key\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lgKeyPair = new aws.lightsail.KeyPair(\"lgKeyPair\", {pgpKey: \"keybase:keybaseusername\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlg_key_pair = aws.lightsail.KeyPair(\"lgKeyPair\", pgp_key=\"keybase:keybaseusername\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lgKeyPair = new Aws.LightSail.KeyPair(\"lgKeyPair\", new()\n {\n PgpKey = \"keybase:keybaseusername\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewKeyPair(ctx, \"lgKeyPair\", \u0026lightsail.KeyPairArgs{\n\t\t\tPgpKey: pulumi.String(\"keybase:keybaseusername\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.KeyPair;\nimport com.pulumi.aws.lightsail.KeyPairArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lgKeyPair = new KeyPair(\"lgKeyPair\", KeyPairArgs.builder() \n .pgpKey(\"keybase:keybaseusername\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n lgKeyPair:\n type: aws:lightsail:KeyPair\n properties:\n pgpKey: keybase:keybaseusername\n```\n{{% /example %}}\n{{% example %}}\n### Existing Public Key Import\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\n\nconst lgKeyPair = new aws.lightsail.KeyPair(\"lgKeyPair\", {publicKey: fs.readFileSync(\"~/.ssh/id_rsa.pub\", \"utf8\")});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlg_key_pair = aws.lightsail.KeyPair(\"lgKeyPair\", public_key=(lambda path: open(path).read())(\"~/.ssh/id_rsa.pub\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var lgKeyPair = new Aws.LightSail.KeyPair(\"lgKeyPair\", new()\n {\n PublicKey = File.ReadAllText(\"~/.ssh/id_rsa.pub\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewKeyPair(ctx, \"lgKeyPair\", \u0026lightsail.KeyPairArgs{\n\t\t\tPublicKey: readFileOrPanic(\"~/.ssh/id_rsa.pub\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.KeyPair;\nimport com.pulumi.aws.lightsail.KeyPairArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var lgKeyPair = new KeyPair(\"lgKeyPair\", KeyPairArgs.builder() \n .publicKey(Files.readString(Paths.get(\"~/.ssh/id_rsa.pub\")))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n lgKeyPair:\n type: aws:lightsail:KeyPair\n properties:\n publicKey:\n fn::readFile: ~/.ssh/id_rsa.pub\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nYou cannot import Lightsail Key Pairs because the private and public key are only available on initial creation.\n\n ", "properties": { "arn": { "type": "string", @@ -278829,7 +278829,7 @@ } }, "aws:neptune/globalCluster:GlobalCluster": { - "description": "Manages a Neptune Global Cluster. A global cluster consists of one primary region and up to five read-only secondary regions. You issue write operations directly to the primary cluster in the primary region and Amazon Neptune automatically replicates the data to the secondary regions using dedicated infrastructure.\n\nMore information about Neptune Global Clusters can be found in the [Neptune User Guide](https://docs.aws.amazon.com/neptune/latest/userguide/neptune-global-database.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### New Neptune Global Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.Provider(\"primary\", {region: \"us-east-2\"});\nconst secondary = new aws.Provider(\"secondary\", {region: \"us-east-1\"});\nconst example = new aws.neptune.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"neptune\",\n engineVersion: \"1.2.0.0\",\n});\nconst primaryCluster = new aws.neptune.Cluster(\"primaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n globalClusterIdentifier: example.id,\n neptuneSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst primaryClusterInstance = new aws.neptune.ClusterInstance(\"primaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primaryCluster.id,\n instanceClass: \"db.r5.large\",\n neptuneSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst secondaryCluster = new aws.neptune.Cluster(\"secondaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n neptuneSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n});\nconst secondaryClusterInstance = new aws.neptune.ClusterInstance(\"secondaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondaryCluster.id,\n instanceClass: \"db.r5.large\",\n neptuneSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryClusterInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.Provider(\"primary\", region=\"us-east-2\")\nsecondary = aws.Provider(\"secondary\", region=\"us-east-1\")\nexample = aws.neptune.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"neptune\",\n engine_version=\"1.2.0.0\")\nprimary_cluster = aws.neptune.Cluster(\"primaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n global_cluster_identifier=example.id,\n neptune_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nprimary_cluster_instance = aws.neptune.ClusterInstance(\"primaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary_cluster.id,\n instance_class=\"db.r5.large\",\n neptune_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nsecondary_cluster = aws.neptune.Cluster(\"secondaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n neptune_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"]))\nsecondary_cluster_instance = aws.neptune.ClusterInstance(\"secondaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary_cluster.id,\n instance_class=\"db.r5.large\",\n neptune_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Aws.Provider(\"primary\", new()\n {\n Region = \"us-east-2\",\n });\n\n var secondary = new Aws.Provider(\"secondary\", new()\n {\n Region = \"us-east-1\",\n });\n\n var example = new Aws.Neptune.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"neptune\",\n EngineVersion = \"1.2.0.0\",\n });\n\n var primaryCluster = new Aws.Neptune.Cluster(\"primaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n GlobalClusterIdentifier = example.Id,\n NeptuneSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var primaryClusterInstance = new Aws.Neptune.ClusterInstance(\"primaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primaryCluster.Id,\n InstanceClass = \"db.r5.large\",\n NeptuneSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var secondaryCluster = new Aws.Neptune.Cluster(\"secondaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n NeptuneSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n });\n\n var secondaryClusterInstance = new Aws.Neptune.ClusterInstance(\"secondaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondaryCluster.Id,\n InstanceClass = \"db.r5.large\",\n NeptuneSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = new[]\n {\n primaryClusterInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"primary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewProvider(ctx, \"secondary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := neptune.NewGlobalCluster(ctx, \"example\", \u0026neptune.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"neptune\"),\n\t\t\tEngineVersion: pulumi.String(\"1.2.0.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := neptune.NewCluster(ctx, \"primaryCluster\", \u0026neptune.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tNeptuneSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryClusterInstance, err := neptune.NewClusterInstance(ctx, \"primaryClusterInstance\", \u0026neptune.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r5.large\"),\n\t\t\tNeptuneSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryCluster, err := neptune.NewCluster(ctx, \"secondaryCluster\", \u0026neptune.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tNeptuneSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = neptune.NewClusterInstance(ctx, \"secondaryClusterInstance\", \u0026neptune.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r5.large\"),\n\t\t\tNeptuneSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryClusterInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.neptune.GlobalCluster;\nimport com.pulumi.aws.neptune.GlobalClusterArgs;\nimport com.pulumi.aws.neptune.Cluster;\nimport com.pulumi.aws.neptune.ClusterArgs;\nimport com.pulumi.aws.neptune.ClusterInstance;\nimport com.pulumi.aws.neptune.ClusterInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Provider(\"primary\", ProviderArgs.builder() \n .region(\"us-east-2\")\n .build());\n\n var secondary = new Provider(\"secondary\", ProviderArgs.builder() \n .region(\"us-east-1\")\n .build());\n\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"neptune\")\n .engineVersion(\"1.2.0.0\")\n .build());\n\n var primaryCluster = new Cluster(\"primaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .globalClusterIdentifier(example.id())\n .neptuneSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primaryCluster.id())\n .instanceClass(\"db.r5.large\")\n .neptuneSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var secondaryCluster = new Cluster(\"secondaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .neptuneSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondaryCluster.id())\n .instanceClass(\"db.r5.large\")\n .neptuneSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .dependsOn(primaryClusterInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: pulumi:providers:aws\n properties:\n region: us-east-2\n secondary:\n type: pulumi:providers:aws\n properties:\n region: us-east-1\n example:\n type: aws:neptune:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: neptune\n engineVersion: 1.2.0.0\n primaryCluster:\n type: aws:neptune:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n globalClusterIdentifier: ${example.id}\n neptuneSubnetGroupName: default\n options:\n provider: ${aws.primary}\n primaryClusterInstance:\n type: aws:neptune:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primaryCluster.id}\n instanceClass: db.r5.large\n neptuneSubnetGroupName: default\n options:\n provider: ${aws.primary}\n secondaryCluster:\n type: aws:neptune:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n neptuneSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n secondaryClusterInstance:\n type: aws:neptune:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondaryCluster.id}\n instanceClass: db.r5.large\n neptuneSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n dependson:\n - ${primaryClusterInstance}\n```\n{{% /example %}}\n{{% example %}}\n### New Global Cluster From Existing DB Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst exampleCluster = new aws.neptune.Cluster(\"exampleCluster\", {});\nconst exampleGlobalCluster = new aws.neptune.GlobalCluster(\"exampleGlobalCluster\", {\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: exampleCluster.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample_cluster = aws.neptune.Cluster(\"exampleCluster\")\nexample_global_cluster = aws.neptune.GlobalCluster(\"exampleGlobalCluster\",\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example_cluster.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var exampleCluster = new Aws.Neptune.Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new Aws.Neptune.GlobalCluster(\"exampleGlobalCluster\", new()\n {\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = exampleCluster.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCluster, err := neptune.NewCluster(ctx, \"exampleCluster\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = neptune.NewGlobalCluster(ctx, \"exampleGlobalCluster\", \u0026neptune.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: exampleCluster.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.neptune.Cluster;\nimport com.pulumi.aws.neptune.GlobalCluster;\nimport com.pulumi.aws.neptune.GlobalClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleCluster = new Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new GlobalCluster(\"exampleGlobalCluster\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"example\")\n .sourceDbClusterIdentifier(exampleCluster.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:neptune:Cluster\n exampleGlobalCluster:\n type: aws:neptune:GlobalCluster\n properties:\n globalClusterIdentifier: example\n sourceDbClusterIdentifier: ${exampleCluster.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import `aws_neptune_global_cluster` using the Global Cluster identifier. For example:\n\n```sh\n $ pulumi import aws:neptune/globalCluster:GlobalCluster example example\n```\n Certain resource arguments, like `source_db_cluster_identifier`, do not have an API method for reading the information after creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", + "description": "Manages a Neptune Global Cluster. A global cluster consists of one primary region and up to five read-only secondary regions. You issue write operations directly to the primary cluster in the primary region and Amazon Neptune automatically replicates the data to the secondary regions using dedicated infrastructure.\n\nMore information about Neptune Global Clusters can be found in the [Neptune User Guide](https://docs.aws.amazon.com/neptune/latest/userguide/neptune-global-database.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### New Neptune Global Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.Provider(\"primary\", {region: \"us-east-2\"});\nconst secondary = new aws.Provider(\"secondary\", {region: \"us-east-1\"});\nconst example = new aws.neptune.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"neptune\",\n engineVersion: \"1.2.0.0\",\n});\nconst primaryCluster = new aws.neptune.Cluster(\"primaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n globalClusterIdentifier: example.id,\n neptuneSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst primaryClusterInstance = new aws.neptune.ClusterInstance(\"primaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primaryCluster.id,\n instanceClass: \"db.r5.large\",\n neptuneSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst secondaryCluster = new aws.neptune.Cluster(\"secondaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n neptuneSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n});\nconst secondaryClusterInstance = new aws.neptune.ClusterInstance(\"secondaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondaryCluster.id,\n instanceClass: \"db.r5.large\",\n neptuneSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryClusterInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.Provider(\"primary\", region=\"us-east-2\")\nsecondary = aws.Provider(\"secondary\", region=\"us-east-1\")\nexample = aws.neptune.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"neptune\",\n engine_version=\"1.2.0.0\")\nprimary_cluster = aws.neptune.Cluster(\"primaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n global_cluster_identifier=example.id,\n neptune_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nprimary_cluster_instance = aws.neptune.ClusterInstance(\"primaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary_cluster.id,\n instance_class=\"db.r5.large\",\n neptune_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nsecondary_cluster = aws.neptune.Cluster(\"secondaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n neptune_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"]))\nsecondary_cluster_instance = aws.neptune.ClusterInstance(\"secondaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary_cluster.id,\n instance_class=\"db.r5.large\",\n neptune_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster_instance]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Aws.Provider(\"primary\", new()\n {\n Region = \"us-east-2\",\n });\n\n var secondary = new Aws.Provider(\"secondary\", new()\n {\n Region = \"us-east-1\",\n });\n\n var example = new Aws.Neptune.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"neptune\",\n EngineVersion = \"1.2.0.0\",\n });\n\n var primaryCluster = new Aws.Neptune.Cluster(\"primaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n GlobalClusterIdentifier = example.Id,\n NeptuneSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var primaryClusterInstance = new Aws.Neptune.ClusterInstance(\"primaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primaryCluster.Id,\n InstanceClass = \"db.r5.large\",\n NeptuneSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var secondaryCluster = new Aws.Neptune.Cluster(\"secondaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n NeptuneSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n });\n\n var secondaryClusterInstance = new Aws.Neptune.ClusterInstance(\"secondaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondaryCluster.Id,\n InstanceClass = \"db.r5.large\",\n NeptuneSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = new[]\n {\n primaryClusterInstance,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"primary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewProvider(ctx, \"secondary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := neptune.NewGlobalCluster(ctx, \"example\", \u0026neptune.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"neptune\"),\n\t\t\tEngineVersion: pulumi.String(\"1.2.0.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := neptune.NewCluster(ctx, \"primaryCluster\", \u0026neptune.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tNeptuneSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryClusterInstance, err := neptune.NewClusterInstance(ctx, \"primaryClusterInstance\", \u0026neptune.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r5.large\"),\n\t\t\tNeptuneSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryCluster, err := neptune.NewCluster(ctx, \"secondaryCluster\", \u0026neptune.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tNeptuneSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = neptune.NewClusterInstance(ctx, \"secondaryClusterInstance\", \u0026neptune.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r5.large\"),\n\t\t\tNeptuneSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryClusterInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.neptune.GlobalCluster;\nimport com.pulumi.aws.neptune.GlobalClusterArgs;\nimport com.pulumi.aws.neptune.Cluster;\nimport com.pulumi.aws.neptune.ClusterArgs;\nimport com.pulumi.aws.neptune.ClusterInstance;\nimport com.pulumi.aws.neptune.ClusterInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Provider(\"primary\", ProviderArgs.builder() \n .region(\"us-east-2\")\n .build());\n\n var secondary = new Provider(\"secondary\", ProviderArgs.builder() \n .region(\"us-east-1\")\n .build());\n\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"neptune\")\n .engineVersion(\"1.2.0.0\")\n .build());\n\n var primaryCluster = new Cluster(\"primaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .globalClusterIdentifier(example.id())\n .neptuneSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primaryCluster.id())\n .instanceClass(\"db.r5.large\")\n .neptuneSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var secondaryCluster = new Cluster(\"secondaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .neptuneSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondaryCluster.id())\n .instanceClass(\"db.r5.large\")\n .neptuneSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .dependsOn(primaryClusterInstance)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: pulumi:providers:aws\n properties:\n region: us-east-2\n secondary:\n type: pulumi:providers:aws\n properties:\n region: us-east-1\n example:\n type: aws:neptune:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: neptune\n engineVersion: 1.2.0.0\n primaryCluster:\n type: aws:neptune:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n globalClusterIdentifier: ${example.id}\n neptuneSubnetGroupName: default\n options:\n provider: ${aws.primary}\n primaryClusterInstance:\n type: aws:neptune:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primaryCluster.id}\n instanceClass: db.r5.large\n neptuneSubnetGroupName: default\n options:\n provider: ${aws.primary}\n secondaryCluster:\n type: aws:neptune:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n neptuneSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n secondaryClusterInstance:\n type: aws:neptune:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondaryCluster.id}\n instanceClass: db.r5.large\n neptuneSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n dependson:\n - ${primaryClusterInstance}\n```\n{{% /example %}}\n{{% example %}}\n### New Global Cluster From Existing DB Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst exampleCluster = new aws.neptune.Cluster(\"exampleCluster\", {});\nconst exampleGlobalCluster = new aws.neptune.GlobalCluster(\"exampleGlobalCluster\", {\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: exampleCluster.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample_cluster = aws.neptune.Cluster(\"exampleCluster\")\nexample_global_cluster = aws.neptune.GlobalCluster(\"exampleGlobalCluster\",\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example_cluster.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var exampleCluster = new Aws.Neptune.Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new Aws.Neptune.GlobalCluster(\"exampleGlobalCluster\", new()\n {\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = exampleCluster.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\texampleCluster, err := neptune.NewCluster(ctx, \"exampleCluster\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = neptune.NewGlobalCluster(ctx, \"exampleGlobalCluster\", \u0026neptune.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: exampleCluster.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.neptune.Cluster;\nimport com.pulumi.aws.neptune.GlobalCluster;\nimport com.pulumi.aws.neptune.GlobalClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleCluster = new Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new GlobalCluster(\"exampleGlobalCluster\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"example\")\n .sourceDbClusterIdentifier(exampleCluster.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:neptune:Cluster\n exampleGlobalCluster:\n type: aws:neptune:GlobalCluster\n properties:\n globalClusterIdentifier: example\n sourceDbClusterIdentifier: ${exampleCluster.arn}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import `aws_neptune_global_cluster` using the Global Cluster identifier. For example:\n\n```sh\n $ pulumi import aws:neptune/globalCluster:GlobalCluster example example\n```\n Certain resource arguments, like `source_db_cluster_identifier`, do not have an API method for reading the information after creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", "properties": { "arn": { "type": "string", @@ -282635,7 +282635,7 @@ } }, "aws:opensearch/domain:Domain": { - "description": "Manages an Amazon OpenSearch Domain.\n\n## Elasticsearch vs. OpenSearch\n\nAmazon OpenSearch Service is the successor to Amazon Elasticsearch Service and supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).\n\nOpenSearch Domain configurations are similar in many ways to Elasticsearch Domain configurations. However, there are important differences including these:\n\n* OpenSearch has `engine_version` while Elasticsearch has `elasticsearch_version`\n* Versions are specified differently - _e.g._, `Elasticsearch_7.10` with OpenSearch vs. `7.10` for Elasticsearch.\n* `instance_type` argument values end in `search` for OpenSearch vs. `elasticsearch` for Elasticsearch (_e.g._, `t2.micro.search` vs. `t2.micro.elasticsearch`).\n* The AWS-managed service-linked role for OpenSearch is called `AWSServiceRoleForAmazonOpenSearchService` instead of `AWSServiceRoleForAmazonElasticsearchService` for Elasticsearch.\n\nThere are also some potentially unexpected similarities in configurations:\n\n* ARNs for both are prefaced with `arn:aws:es:`.\n* Both OpenSearch and Elasticsearch use assume role policies that refer to the `Principal` `Service` as `es.amazonaws.com`.\n* IAM policy actions, such as those you will find in `access_policies`, are prefaced with `es:` for both.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n clusterConfig: {\n instanceType: \"r4.large.search\",\n },\n engineVersion: \"Elasticsearch_7.10\",\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.search\",\n ),\n engine_version=\"Elasticsearch_7.10\",\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.search\",\n },\n EngineVersion = \"Elasticsearch_7.10\",\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.search\"),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.10\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.search\")\n .build())\n .engineVersion(\"Elasticsearch_7.10\")\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n clusterConfig:\n instanceType: r4.large.search\n engineVersion: Elasticsearch_7.10\n tags:\n Domain: TestDomain\n```\n{{% /example %}}\n{{% example %}}\n### Access Policy\n\n\u003e See also: `aws.opensearch.DomainPolicy` resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst examplePolicyDocument = Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*`],\n conditions: [{\n test: \"IpAddress\",\n variable: \"aws:SourceIp\",\n values: [\"66.193.100.22/32\"],\n }],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {accessPolicies: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"IpAddress\",\n variable=\"aws:SourceIp\",\n values=[\"66.193.100.22/32\"],\n )],\n)])\nexample_domain = aws.opensearch.Domain(\"exampleDomain\", access_policies=example_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"IpAddress\",\n Variable = \"aws:SourceIp\",\n Values = new[]\n {\n \"66.193.100.22/32\",\n },\n },\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n AccessPolicies = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"*\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"es:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", currentRegion.Name, currentCallerIdentity.AccountId, domain),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"IpAddress\",\n\t\t\t\t\t\t\tVariable: \"aws:SourceIp\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"66.193.100.22/32\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\n\t\t\tAccessPolicies: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"IpAddress\")\n .variable(\"aws:SourceIp\")\n .values(\"66.193.100.22/32\")\n .build())\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .accessPolicies(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n accessPolicies: ${examplePolicyDocument.json}\nvariables:\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\n conditions:\n - test: IpAddress\n variable: aws:SourceIp\n values:\n - 66.193.100.22/32\n```\n{{% /example %}}\n{{% example %}}\n### Log publishing to CloudWatch Logs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\", {\n policyName: \"example\",\n policyDocument: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n// .. other configuration ...\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\",\n policy_name=\"example\",\n policy_document=example_policy_document.json)\n# .. other configuration ...\nexample_domain = aws.opensearch.Domain(\"exampleDomain\", log_publishing_options=[aws.opensearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\");\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"exampleLogResourcePolicy\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n // .. other configuration ...\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"exampleLogResourcePolicy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\n\t\t\tLogPublishingOptions: opensearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026opensearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\");\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n properties:\n policyName: example\n policyDocument: ${examplePolicyDocument.json}\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n{{% /example %}}\n{{% example %}}\n### VPC based OpenSearch\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst exampleVpc = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst exampleSubnets = exampleVpc.then(exampleVpc =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [exampleVpc.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst exampleSecurityGroup = new aws.ec2.SecurityGroup(\"exampleSecurityGroup\", {\n description: \"Managed by Pulumi\",\n vpcId: exampleVpc.then(exampleVpc =\u003e exampleVpc.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [exampleVpc.then(exampleVpc =\u003e exampleVpc.cidrBlock)],\n }],\n});\nconst exampleServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst examplePolicyDocument = Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*`],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {\n engineVersion: \"OpenSearch_1.0\",\n clusterConfig: {\n instanceType: \"m4.large.search\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n exampleSubnets.then(exampleSubnets =\u003e exampleSubnets.ids?.[0]),\n exampleSubnets.then(exampleSubnets =\u003e exampleSubnets.ids?.[1]),\n ],\n securityGroupIds: [exampleSecurityGroup.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n tags: {\n Domain: \"TestDomain\",\n },\n}, {\n dependsOn: [exampleServiceLinkedRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nexample_vpc = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nexample_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[example_vpc.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample_security_group = aws.ec2.SecurityGroup(\"exampleSecurityGroup\",\n description=\"Managed by Pulumi\",\n vpc_id=example_vpc.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[example_vpc.cidr_block],\n )])\nexample_service_linked_role = aws.iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", aws_service_name=\"opensearchservice.amazonaws.com\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"],\n)])\nexample_domain = aws.opensearch.Domain(\"exampleDomain\",\n engine_version=\"OpenSearch_1.0\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.search\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.opensearch.DomainVpcOptionsArgs(\n subnet_ids=[\n example_subnets.ids[0],\n example_subnets.ids[1],\n ],\n security_group_ids=[example_security_group.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=example_policy_document.json,\n tags={\n \"Domain\": \"TestDomain\",\n },\n opts=pulumi.ResourceOptions(depends_on=[example_service_linked_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var exampleVpc = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var exampleSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n exampleVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var exampleSecurityGroup = new Aws.Ec2.SecurityGroup(\"exampleSecurityGroup\", new()\n {\n Description = \"Managed by Pulumi\",\n VpcId = exampleVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n exampleVpc.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var exampleServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n EngineVersion = \"OpenSearch_1.0\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.search\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n exampleSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n exampleSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n exampleSecurityGroup.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleServiceLinkedRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nexampleVpc, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nexampleVpc.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrentRegion, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nexampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"exampleSecurityGroup\", \u0026ec2.SecurityGroupArgs{\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: *pulumi.String(exampleVpc.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\n*pulumi.String(exampleVpc.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\nexampleServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, \"exampleServiceLinkedRole\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\nexamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"*\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"es:*\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", currentRegion.Name, currentCallerIdentity.AccountId, domain),\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\nEngineVersion: pulumi.String(\"OpenSearch_1.0\"),\nClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.search\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026opensearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\n*pulumi.String(exampleSubnets.Ids[0]),\n*pulumi.String(exampleSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nexampleSecurityGroup.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: *pulumi.String(examplePolicyDocument.Json),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n}, pulumi.DependsOn([]pulumi.Resource{\nexampleServiceLinkedRole,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var exampleVpc = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var exampleSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var exampleSecurityGroup = new SecurityGroup(\"exampleSecurityGroup\", SecurityGroupArgs.builder() \n .description(\"Managed by Pulumi\")\n .vpcId(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var exampleServiceLinkedRole = new ServiceLinkedRole(\"exampleServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .engineVersion(\"OpenSearch_1.0\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.search\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n exampleSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n exampleSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(exampleSecurityGroup.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleServiceLinkedRole)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n exampleSecurityGroup:\n type: aws:ec2:SecurityGroup\n properties:\n description: Managed by Pulumi\n vpcId: ${exampleVpc.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${exampleVpc.cidrBlock}\n exampleServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n engineVersion: OpenSearch_1.0\n clusterConfig:\n instanceType: m4.large.search\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${exampleSubnets.ids[0]}\n - ${exampleSubnets.ids[1]}\n securityGroupIds:\n - ${exampleSecurityGroup.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: ${examplePolicyDocument.json}\n tags:\n Domain: TestDomain\n options:\n dependson:\n - ${exampleServiceLinkedRole}\nvariables:\n exampleVpc:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n exampleSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${exampleVpc.id}\n tags:\n Tier: private\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\n```\n{{% /example %}}\n### Enabling fine-grained access control on an existing domain\n\nThis example shows two configurations: one to create a domain without fine-grained access control and the second to modify the domain to enable fine-grained access control. For more information, see [Enabling fine-grained access control](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html).\n{{% example %}}\n### First apply\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n advancedSecurityOptions: {\n anonymousAuthEnabled: true,\n enabled: false,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n encryptAtRest: {\n enabled: true,\n },\n engineVersion: \"Elasticsearch_7.1\",\n nodeToNodeEncryption: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n anonymous_auth_enabled=True,\n enabled=False,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n engine_version=\"Elasticsearch_7.1\",\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n AnonymousAuthEnabled = true,\n Enabled = false,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n EngineVersion = \"Elasticsearch_7.1\",\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .anonymousAuthEnabled(true)\n .enabled(false)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .engineVersion(\"Elasticsearch_7.1\")\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n advancedSecurityOptions:\n anonymousAuthEnabled: true\n enabled: false\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n clusterConfig:\n instanceType: r5.large.search\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n encryptAtRest:\n enabled: true\n engineVersion: Elasticsearch_7.1\n nodeToNodeEncryption:\n enabled: true\n```\n{{% /example %}}\n{{% example %}}\n### Second apply\n\nNotice that the only change is `advanced_security_options.0.enabled` is now set to `true`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n advancedSecurityOptions: {\n anonymousAuthEnabled: true,\n enabled: true,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n encryptAtRest: {\n enabled: true,\n },\n engineVersion: \"Elasticsearch_7.1\",\n nodeToNodeEncryption: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n anonymous_auth_enabled=True,\n enabled=True,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n engine_version=\"Elasticsearch_7.1\",\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n AnonymousAuthEnabled = true,\n Enabled = true,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n EngineVersion = \"Elasticsearch_7.1\",\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .anonymousAuthEnabled(true)\n .enabled(true)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .engineVersion(\"Elasticsearch_7.1\")\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n advancedSecurityOptions:\n anonymousAuthEnabled: true\n enabled: true\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n clusterConfig:\n instanceType: r5.large.search\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n encryptAtRest:\n enabled: true\n engineVersion: Elasticsearch_7.1\n nodeToNodeEncryption:\n enabled: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import OpenSearch domains using the `domain_name`. For example:\n\n```sh\n $ pulumi import aws:opensearch/domain:Domain example domain_name\n```\n ", + "description": "Manages an Amazon OpenSearch Domain.\n\n## Elasticsearch vs. OpenSearch\n\nAmazon OpenSearch Service is the successor to Amazon Elasticsearch Service and supports OpenSearch and legacy Elasticsearch OSS (up to 7.10, the final open source version of the software).\n\nOpenSearch Domain configurations are similar in many ways to Elasticsearch Domain configurations. However, there are important differences including these:\n\n* OpenSearch has `engine_version` while Elasticsearch has `elasticsearch_version`\n* Versions are specified differently - _e.g._, `Elasticsearch_7.10` with OpenSearch vs. `7.10` for Elasticsearch.\n* `instance_type` argument values end in `search` for OpenSearch vs. `elasticsearch` for Elasticsearch (_e.g._, `t2.micro.search` vs. `t2.micro.elasticsearch`).\n* The AWS-managed service-linked role for OpenSearch is called `AWSServiceRoleForAmazonOpenSearchService` instead of `AWSServiceRoleForAmazonElasticsearchService` for Elasticsearch.\n\nThere are also some potentially unexpected similarities in configurations:\n\n* ARNs for both are prefaced with `arn:aws:es:`.\n* Both OpenSearch and Elasticsearch use assume role policies that refer to the `Principal` `Service` as `es.amazonaws.com`.\n* IAM policy actions, such as those you will find in `access_policies`, are prefaced with `es:` for both.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n clusterConfig: {\n instanceType: \"r4.large.search\",\n },\n engineVersion: \"Elasticsearch_7.10\",\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.search\",\n ),\n engine_version=\"Elasticsearch_7.10\",\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.search\",\n },\n EngineVersion = \"Elasticsearch_7.10\",\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.search\"),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.10\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r4.large.search\")\n .build())\n .engineVersion(\"Elasticsearch_7.10\")\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n clusterConfig:\n instanceType: r4.large.search\n engineVersion: Elasticsearch_7.10\n tags:\n Domain: TestDomain\n```\n{{% /example %}}\n{{% example %}}\n### Access Policy\n\n\u003e See also: `aws.opensearch.DomainPolicy` resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst examplePolicyDocument = Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*`],\n conditions: [{\n test: \"IpAddress\",\n variable: \"aws:SourceIp\",\n values: [\"66.193.100.22/32\"],\n }],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {accessPolicies: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"IpAddress\",\n variable=\"aws:SourceIp\",\n values=[\"66.193.100.22/32\"],\n )],\n)])\nexample_domain = aws.opensearch.Domain(\"exampleDomain\", access_policies=example_policy_document.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"IpAddress\",\n Variable = \"aws:SourceIp\",\n Values = new[]\n {\n \"66.193.100.22/32\",\n },\n },\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n AccessPolicies = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"*\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"es:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", currentRegion.Name, currentCallerIdentity.AccountId, domain),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tTest: \"IpAddress\",\n\t\t\t\t\t\t\tVariable: \"aws:SourceIp\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"66.193.100.22/32\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\n\t\t\tAccessPolicies: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"IpAddress\")\n .variable(\"aws:SourceIp\")\n .values(\"66.193.100.22/32\")\n .build())\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .accessPolicies(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n domain:\n type: string\n default: tf-test\nresources:\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n accessPolicies: ${examplePolicyDocument.json}\nvariables:\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\n conditions:\n - test: IpAddress\n variable: aws:SourceIp\n values:\n - 66.193.100.22/32\n```\n{{% /example %}}\n{{% example %}}\n### Log publishing to CloudWatch Logs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"es.amazonaws.com\"],\n }],\n actions: [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources: [\"arn:aws:logs:*\"],\n }],\n});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\", {\n policyName: \"example\",\n policyDocument: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n});\n// .. other configuration ...\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"es.amazonaws.com\"],\n )],\n actions=[\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n ],\n resources=[\"arn:aws:logs:*\"],\n)])\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\",\n policy_name=\"example\",\n policy_document=example_policy_document.json)\n# .. other configuration ...\nexample_domain = aws.opensearch.Domain(\"exampleDomain\", log_publishing_options=[aws.opensearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\");\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n },\n },\n });\n\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"exampleLogResourcePolicy\", new()\n {\n PolicyName = \"example\",\n PolicyDocument = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n // .. other configuration ...\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n LogPublishingOptions = new[]\n {\n new Aws.OpenSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"exampleLogResourcePolicy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: *pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// .. other configuration ...\n\t\t_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\n\t\t\tLogPublishingOptions: opensearch.DomainLogPublishingOptionArray{\n\t\t\t\t\u0026opensearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainLogPublishingOptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleLogGroup = new LogGroup(\"exampleLogGroup\");\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"es.amazonaws.com\")\n .build())\n .actions( \n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\")\n .resources(\"arn:aws:logs:*\")\n .build())\n .build());\n\n var exampleLogResourcePolicy = new LogResourcePolicy(\"exampleLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyName(\"example\")\n .policyDocument(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .logPublishingOptions(DomainLogPublishingOptionArgs.builder()\n .cloudwatchLogGroupArn(exampleLogGroup.arn())\n .logType(\"INDEX_SLOW_LOGS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleLogGroup:\n type: aws:cloudwatch:LogGroup\n exampleLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n properties:\n policyName: example\n policyDocument: ${examplePolicyDocument.json}\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n logPublishingOptions:\n - cloudwatchLogGroupArn: ${exampleLogGroup.arn}\n logType: INDEX_SLOW_LOGS\nvariables:\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - es.amazonaws.com\n actions:\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n - logs:CreateLogStream\n resources:\n - arn:aws:logs:*\n```\n{{% /example %}}\n{{% example %}}\n### VPC based OpenSearch\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpc = config.requireObject(\"vpc\");\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst exampleVpc = aws.ec2.getVpc({\n tags: {\n Name: vpc,\n },\n});\nconst exampleSubnets = exampleVpc.then(exampleVpc =\u003e aws.ec2.getSubnets({\n filters: [{\n name: \"vpc-id\",\n values: [exampleVpc.id],\n }],\n tags: {\n Tier: \"private\",\n },\n}));\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst exampleSecurityGroup = new aws.ec2.SecurityGroup(\"exampleSecurityGroup\", {\n description: \"Managed by Pulumi\",\n vpcId: exampleVpc.then(exampleVpc =\u003e exampleVpc.id),\n ingress: [{\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [exampleVpc.then(exampleVpc =\u003e exampleVpc.cidrBlock)],\n }],\n});\nconst exampleServiceLinkedRole = new aws.iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", {awsServiceName: \"opensearchservice.amazonaws.com\"});\nconst examplePolicyDocument = Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"*\",\n identifiers: [\"*\"],\n }],\n actions: [\"es:*\"],\n resources: [`arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*`],\n }],\n}));\nconst exampleDomain = new aws.opensearch.Domain(\"exampleDomain\", {\n engineVersion: \"OpenSearch_1.0\",\n clusterConfig: {\n instanceType: \"m4.large.search\",\n zoneAwarenessEnabled: true,\n },\n vpcOptions: {\n subnetIds: [\n exampleSubnets.then(exampleSubnets =\u003e exampleSubnets.ids?.[0]),\n exampleSubnets.then(exampleSubnets =\u003e exampleSubnets.ids?.[1]),\n ],\n securityGroupIds: [exampleSecurityGroup.id],\n },\n advancedOptions: {\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n accessPolicies: examplePolicyDocument.then(examplePolicyDocument =\u003e examplePolicyDocument.json),\n tags: {\n Domain: \"TestDomain\",\n },\n}, {\n dependsOn: [exampleServiceLinkedRole],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc = config.require_object(\"vpc\")\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\nexample_vpc = aws.ec2.get_vpc(tags={\n \"Name\": vpc,\n})\nexample_subnets = aws.ec2.get_subnets(filters=[aws.ec2.GetSubnetsFilterArgs(\n name=\"vpc-id\",\n values=[example_vpc.id],\n )],\n tags={\n \"Tier\": \"private\",\n })\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample_security_group = aws.ec2.SecurityGroup(\"exampleSecurityGroup\",\n description=\"Managed by Pulumi\",\n vpc_id=example_vpc.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[example_vpc.cidr_block],\n )])\nexample_service_linked_role = aws.iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", aws_service_name=\"opensearchservice.amazonaws.com\")\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"*\",\n identifiers=[\"*\"],\n )],\n actions=[\"es:*\"],\n resources=[f\"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\"],\n)])\nexample_domain = aws.opensearch.Domain(\"exampleDomain\",\n engine_version=\"OpenSearch_1.0\",\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"m4.large.search\",\n zone_awareness_enabled=True,\n ),\n vpc_options=aws.opensearch.DomainVpcOptionsArgs(\n subnet_ids=[\n example_subnets.ids[0],\n example_subnets.ids[1],\n ],\n security_group_ids=[example_security_group.id],\n ),\n advanced_options={\n \"rest.action.multi.allow_explicit_index\": \"true\",\n },\n access_policies=example_policy_document.json,\n tags={\n \"Domain\": \"TestDomain\",\n },\n opts=pulumi.ResourceOptions(depends_on=[example_service_linked_role]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpc = config.RequireObject\u003cdynamic\u003e(\"vpc\");\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var exampleVpc = Aws.Ec2.GetVpc.Invoke(new()\n {\n Tags = \n {\n { \"Name\", vpc },\n },\n });\n\n var exampleSubnets = Aws.Ec2.GetSubnets.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetSubnetsFilterInputArgs\n {\n Name = \"vpc-id\",\n Values = new[]\n {\n exampleVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n },\n },\n },\n Tags = \n {\n { \"Tier\", \"private\" },\n },\n });\n\n var currentRegion = Aws.GetRegion.Invoke();\n\n var currentCallerIdentity = Aws.GetCallerIdentity.Invoke();\n\n var exampleSecurityGroup = new Aws.Ec2.SecurityGroup(\"exampleSecurityGroup\", new()\n {\n Description = \"Managed by Pulumi\",\n VpcId = exampleVpc.Apply(getVpcResult =\u003e getVpcResult.Id),\n Ingress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = new[]\n {\n exampleVpc.Apply(getVpcResult =\u003e getVpcResult.CidrBlock),\n },\n },\n },\n });\n\n var exampleServiceLinkedRole = new Aws.Iam.ServiceLinkedRole(\"exampleServiceLinkedRole\", new()\n {\n AwsServiceName = \"opensearchservice.amazonaws.com\",\n });\n\n var examplePolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"*\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n $\"arn:aws:es:{currentRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{currentCallerIdentity.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:domain/{domain}/*\",\n },\n },\n },\n });\n\n var exampleDomain = new Aws.OpenSearch.Domain(\"exampleDomain\", new()\n {\n EngineVersion = \"OpenSearch_1.0\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"m4.large.search\",\n ZoneAwarenessEnabled = true,\n },\n VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs\n {\n SubnetIds = new[]\n {\n exampleSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[0]),\n exampleSubnets.Apply(getSubnetsResult =\u003e getSubnetsResult.Ids[1]),\n },\n SecurityGroupIds = new[]\n {\n exampleSecurityGroup.Id,\n },\n },\n AdvancedOptions = \n {\n { \"rest.action.multi.allow_explicit_index\", \"true\" },\n },\n AccessPolicies = examplePolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleServiceLinkedRole,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpc := cfg.RequireObject(\"vpc\")\ndomain := \"tf-test\";\nif param := cfg.Get(\"domain\"); param != \"\"{\ndomain = param\n}\nexampleVpc, err := ec2.LookupVpc(ctx, \u0026ec2.LookupVpcArgs{\nTags: interface{}{\nName: vpc,\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleSubnets, err := ec2.GetSubnets(ctx, \u0026ec2.GetSubnetsArgs{\nFilters: []ec2.GetSubnetsFilter{\n{\nName: \"vpc-id\",\nValues: interface{}{\nexampleVpc.Id,\n},\n},\n},\nTags: map[string]interface{}{\n\"Tier\": \"private\",\n},\n}, nil);\nif err != nil {\nreturn err\n}\ncurrentRegion, err := aws.GetRegion(ctx, nil, nil);\nif err != nil {\nreturn err\n}\ncurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil);\nif err != nil {\nreturn err\n}\nexampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"exampleSecurityGroup\", \u0026ec2.SecurityGroupArgs{\nDescription: pulumi.String(\"Managed by Pulumi\"),\nVpcId: *pulumi.String(exampleVpc.Id),\nIngress: ec2.SecurityGroupIngressArray{\n\u0026ec2.SecurityGroupIngressArgs{\nFromPort: pulumi.Int(443),\nToPort: pulumi.Int(443),\nProtocol: pulumi.String(\"tcp\"),\nCidrBlocks: pulumi.StringArray{\n*pulumi.String(exampleVpc.CidrBlock),\n},\n},\n},\n})\nif err != nil {\nreturn err\n}\nexampleServiceLinkedRole, err := iam.NewServiceLinkedRole(ctx, \"exampleServiceLinkedRole\", \u0026iam.ServiceLinkedRoleArgs{\nAwsServiceName: pulumi.String(\"opensearchservice.amazonaws.com\"),\n})\nif err != nil {\nreturn err\n}\nexamplePolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"*\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"es:*\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:es:%v:%v:domain/%v/*\", currentRegion.Name, currentCallerIdentity.AccountId, domain),\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = opensearch.NewDomain(ctx, \"exampleDomain\", \u0026opensearch.DomainArgs{\nEngineVersion: pulumi.String(\"OpenSearch_1.0\"),\nClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\nInstanceType: pulumi.String(\"m4.large.search\"),\nZoneAwarenessEnabled: pulumi.Bool(true),\n},\nVpcOptions: \u0026opensearch.DomainVpcOptionsArgs{\nSubnetIds: pulumi.StringArray{\n*pulumi.String(exampleSubnets.Ids[0]),\n*pulumi.String(exampleSubnets.Ids[1]),\n},\nSecurityGroupIds: pulumi.StringArray{\nexampleSecurityGroup.ID(),\n},\n},\nAdvancedOptions: pulumi.StringMap{\n\"rest.action.multi.allow_explicit_index\": pulumi.String(\"true\"),\n},\nAccessPolicies: *pulumi.String(examplePolicyDocument.Json),\nTags: pulumi.StringMap{\n\"Domain\": pulumi.String(\"TestDomain\"),\n},\n}, pulumi.DependsOn([]pulumi.Resource{\nexampleServiceLinkedRole,\n}))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcArgs;\nimport com.pulumi.aws.ec2.inputs.GetSubnetsArgs;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupIngressArgs;\nimport com.pulumi.aws.iam.ServiceLinkedRole;\nimport com.pulumi.aws.iam.ServiceLinkedRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpc = config.get(\"vpc\");\n final var domain = config.get(\"domain\").orElse(\"tf-test\");\n final var exampleVpc = Ec2Functions.getVpc(GetVpcArgs.builder()\n .tags(Map.of(\"Name\", vpc))\n .build());\n\n final var exampleSubnets = Ec2Functions.getSubnets(GetSubnetsArgs.builder()\n .filters(GetSubnetsFilterArgs.builder()\n .name(\"vpc-id\")\n .values(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .build())\n .tags(Map.of(\"Tier\", \"private\"))\n .build());\n\n final var currentRegion = AwsFunctions.getRegion();\n\n final var currentCallerIdentity = AwsFunctions.getCallerIdentity();\n\n var exampleSecurityGroup = new SecurityGroup(\"exampleSecurityGroup\", SecurityGroupArgs.builder() \n .description(\"Managed by Pulumi\")\n .vpcId(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.id()))\n .ingress(SecurityGroupIngressArgs.builder()\n .fromPort(443)\n .toPort(443)\n .protocol(\"tcp\")\n .cidrBlocks(exampleVpc.applyValue(getVpcResult -\u003e getVpcResult.cidrBlock()))\n .build())\n .build());\n\n var exampleServiceLinkedRole = new ServiceLinkedRole(\"exampleServiceLinkedRole\", ServiceLinkedRoleArgs.builder() \n .awsServiceName(\"opensearchservice.amazonaws.com\")\n .build());\n\n final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"*\")\n .identifiers(\"*\")\n .build())\n .actions(\"es:*\")\n .resources(String.format(\"arn:aws:es:%s:%s:domain/%s/*\", currentRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),currentCallerIdentity.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()),domain))\n .build())\n .build());\n\n var exampleDomain = new Domain(\"exampleDomain\", DomainArgs.builder() \n .engineVersion(\"OpenSearch_1.0\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"m4.large.search\")\n .zoneAwarenessEnabled(true)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .subnetIds( \n exampleSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[0]),\n exampleSubnets.applyValue(getSubnetsResult -\u003e getSubnetsResult.ids()[1]))\n .securityGroupIds(exampleSecurityGroup.id())\n .build())\n .advancedOptions(Map.of(\"rest.action.multi.allow_explicit_index\", \"true\"))\n .accessPolicies(examplePolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .tags(Map.of(\"Domain\", \"TestDomain\"))\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleServiceLinkedRole)\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpc:\n type: dynamic\n domain:\n type: string\n default: tf-test\nresources:\n exampleSecurityGroup:\n type: aws:ec2:SecurityGroup\n properties:\n description: Managed by Pulumi\n vpcId: ${exampleVpc.id}\n ingress:\n - fromPort: 443\n toPort: 443\n protocol: tcp\n cidrBlocks:\n - ${exampleVpc.cidrBlock}\n exampleServiceLinkedRole:\n type: aws:iam:ServiceLinkedRole\n properties:\n awsServiceName: opensearchservice.amazonaws.com\n exampleDomain:\n type: aws:opensearch:Domain\n properties:\n engineVersion: OpenSearch_1.0\n clusterConfig:\n instanceType: m4.large.search\n zoneAwarenessEnabled: true\n vpcOptions:\n subnetIds:\n - ${exampleSubnets.ids[0]}\n - ${exampleSubnets.ids[1]}\n securityGroupIds:\n - ${exampleSecurityGroup.id}\n advancedOptions:\n rest.action.multi.allow_explicit_index: 'true'\n accessPolicies: ${examplePolicyDocument.json}\n tags:\n Domain: TestDomain\n options:\n dependson:\n - ${exampleServiceLinkedRole}\nvariables:\n exampleVpc:\n fn::invoke:\n Function: aws:ec2:getVpc\n Arguments:\n tags:\n Name: ${vpc}\n exampleSubnets:\n fn::invoke:\n Function: aws:ec2:getSubnets\n Arguments:\n filters:\n - name: vpc-id\n values:\n - ${exampleVpc.id}\n tags:\n Tier: private\n currentRegion:\n fn::invoke:\n Function: aws:getRegion\n Arguments: {}\n currentCallerIdentity:\n fn::invoke:\n Function: aws:getCallerIdentity\n Arguments: {}\n examplePolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: '*'\n identifiers:\n - '*'\n actions:\n - es:*\n resources:\n - arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\n```\n{{% /example %}}\n### Enabling fine-grained access control on an existing domain\n\nThis example shows two configurations: one to create a domain without fine-grained access control and the second to modify the domain to enable fine-grained access control. For more information, see [Enabling fine-grained access control](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html).\n{{% example %}}\n### First apply\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n advancedSecurityOptions: {\n anonymousAuthEnabled: true,\n enabled: false,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n encryptAtRest: {\n enabled: true,\n },\n engineVersion: \"Elasticsearch_7.1\",\n nodeToNodeEncryption: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n anonymous_auth_enabled=True,\n enabled=False,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n engine_version=\"Elasticsearch_7.1\",\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n AnonymousAuthEnabled = true,\n Enabled = false,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n EngineVersion = \"Elasticsearch_7.1\",\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .anonymousAuthEnabled(true)\n .enabled(false)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .engineVersion(\"Elasticsearch_7.1\")\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n advancedSecurityOptions:\n anonymousAuthEnabled: true\n enabled: false\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n clusterConfig:\n instanceType: r5.large.search\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n encryptAtRest:\n enabled: true\n engineVersion: Elasticsearch_7.1\n nodeToNodeEncryption:\n enabled: true\n```\n{{% /example %}}\n{{% example %}}\n### Second apply\n\nNotice that the only change is `advanced_security_options.0.enabled` is now set to `true`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.opensearch.Domain(\"example\", {\n advancedSecurityOptions: {\n anonymousAuthEnabled: true,\n enabled: true,\n internalUserDatabaseEnabled: true,\n masterUserOptions: {\n masterUserName: \"example\",\n masterUserPassword: \"Barbarbarbar1!\",\n },\n },\n clusterConfig: {\n instanceType: \"r5.large.search\",\n },\n domainEndpointOptions: {\n enforceHttps: true,\n tlsSecurityPolicy: \"Policy-Min-TLS-1-2-2019-07\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n encryptAtRest: {\n enabled: true,\n },\n engineVersion: \"Elasticsearch_7.1\",\n nodeToNodeEncryption: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.opensearch.Domain(\"example\",\n advanced_security_options=aws.opensearch.DomainAdvancedSecurityOptionsArgs(\n anonymous_auth_enabled=True,\n enabled=True,\n internal_user_database_enabled=True,\n master_user_options=aws.opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs(\n master_user_name=\"example\",\n master_user_password=\"Barbarbarbar1!\",\n ),\n ),\n cluster_config=aws.opensearch.DomainClusterConfigArgs(\n instance_type=\"r5.large.search\",\n ),\n domain_endpoint_options=aws.opensearch.DomainDomainEndpointOptionsArgs(\n enforce_https=True,\n tls_security_policy=\"Policy-Min-TLS-1-2-2019-07\",\n ),\n ebs_options=aws.opensearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n encrypt_at_rest=aws.opensearch.DomainEncryptAtRestArgs(\n enabled=True,\n ),\n engine_version=\"Elasticsearch_7.1\",\n node_to_node_encryption=aws.opensearch.DomainNodeToNodeEncryptionArgs(\n enabled=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.OpenSearch.Domain(\"example\", new()\n {\n AdvancedSecurityOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsArgs\n {\n AnonymousAuthEnabled = true,\n Enabled = true,\n InternalUserDatabaseEnabled = true,\n MasterUserOptions = new Aws.OpenSearch.Inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs\n {\n MasterUserName = \"example\",\n MasterUserPassword = \"Barbarbarbar1!\",\n },\n },\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r5.large.search\",\n },\n DomainEndpointOptions = new Aws.OpenSearch.Inputs.DomainDomainEndpointOptionsArgs\n {\n EnforceHttps = true,\n TlsSecurityPolicy = \"Policy-Min-TLS-1-2-2019-07\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n EncryptAtRest = new Aws.OpenSearch.Inputs.DomainEncryptAtRestArgs\n {\n Enabled = true,\n },\n EngineVersion = \"Elasticsearch_7.1\",\n NodeToNodeEncryption = new Aws.OpenSearch.Inputs.DomainNodeToNodeEncryptionArgs\n {\n Enabled = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opensearch.NewDomain(ctx, \"example\", \u0026opensearch.DomainArgs{\n\t\t\tAdvancedSecurityOptions: \u0026opensearch.DomainAdvancedSecurityOptionsArgs{\n\t\t\t\tAnonymousAuthEnabled: pulumi.Bool(true),\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tInternalUserDatabaseEnabled: pulumi.Bool(true),\n\t\t\t\tMasterUserOptions: \u0026opensearch.DomainAdvancedSecurityOptionsMasterUserOptionsArgs{\n\t\t\t\t\tMasterUserName: pulumi.String(\"example\"),\n\t\t\t\t\tMasterUserPassword: pulumi.String(\"Barbarbarbar1!\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r5.large.search\"),\n\t\t\t},\n\t\t\tDomainEndpointOptions: \u0026opensearch.DomainDomainEndpointOptionsArgs{\n\t\t\t\tEnforceHttps: pulumi.Bool(true),\n\t\t\t\tTlsSecurityPolicy: pulumi.String(\"Policy-Min-TLS-1-2-2019-07\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tEncryptAtRest: \u0026opensearch.DomainEncryptAtRestArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tEngineVersion: pulumi.String(\"Elasticsearch_7.1\"),\n\t\t\tNodeToNodeEncryption: \u0026opensearch.DomainNodeToNodeEncryptionArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainAdvancedSecurityOptionsMasterUserOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainDomainEndpointOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEncryptAtRestArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainNodeToNodeEncryptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Domain(\"example\", DomainArgs.builder() \n .advancedSecurityOptions(DomainAdvancedSecurityOptionsArgs.builder()\n .anonymousAuthEnabled(true)\n .enabled(true)\n .internalUserDatabaseEnabled(true)\n .masterUserOptions(DomainAdvancedSecurityOptionsMasterUserOptionsArgs.builder()\n .masterUserName(\"example\")\n .masterUserPassword(\"Barbarbarbar1!\")\n .build())\n .build())\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceType(\"r5.large.search\")\n .build())\n .domainEndpointOptions(DomainDomainEndpointOptionsArgs.builder()\n .enforceHttps(true)\n .tlsSecurityPolicy(\"Policy-Min-TLS-1-2-2019-07\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .encryptAtRest(DomainEncryptAtRestArgs.builder()\n .enabled(true)\n .build())\n .engineVersion(\"Elasticsearch_7.1\")\n .nodeToNodeEncryption(DomainNodeToNodeEncryptionArgs.builder()\n .enabled(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:opensearch:Domain\n properties:\n advancedSecurityOptions:\n anonymousAuthEnabled: true\n enabled: true\n internalUserDatabaseEnabled: true\n masterUserOptions:\n masterUserName: example\n masterUserPassword: Barbarbarbar1!\n clusterConfig:\n instanceType: r5.large.search\n domainEndpointOptions:\n enforceHttps: true\n tlsSecurityPolicy: Policy-Min-TLS-1-2-2019-07\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n encryptAtRest:\n enabled: true\n engineVersion: Elasticsearch_7.1\n nodeToNodeEncryption:\n enabled: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import OpenSearch domains using the `domain_name`. For example:\n\n```sh\n $ pulumi import aws:opensearch/domain:Domain example domain_name\n```\n ", "properties": { "accessPolicies": { "type": "string", @@ -298169,7 +298169,7 @@ } }, "aws:rds/customDbEngineVersion:CustomDbEngineVersion": { - "description": "Provides an custom engine version (CEV) resource for Amazon RDS Custom. For additional information, see [Working with CEVs for RDS Custom for Oracle](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html) and [Working with CEVs for RDS Custom for SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev-sqlserver.html) in the the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### RDS Custom for Oracle Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {description: \"KMS symmetric key for RDS Custom for Oracle\"});\nconst exampleCustomDbEngineVersion = new aws.rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", {\n databaseInstallationFilesS3BucketName: \"DOC-EXAMPLE-BUCKET\",\n databaseInstallationFilesS3Prefix: \"1915_GI/\",\n engine: \"custom-oracle-ee-cdb\",\n engineVersion: \"19.cdb_cev1\",\n kmsKeyId: exampleKey.arn,\n manifest: ` {\n\t\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n`,\n tags: {\n Name: \"example\",\n Key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_key = aws.kms.Key(\"exampleKey\", description=\"KMS symmetric key for RDS Custom for Oracle\")\nexample_custom_db_engine_version = aws.rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\",\n database_installation_files_s3_bucket_name=\"DOC-EXAMPLE-BUCKET\",\n database_installation_files_s3_prefix=\"1915_GI/\",\n engine=\"custom-oracle-ee-cdb\",\n engine_version=\"19.cdb_cev1\",\n kms_key_id=example_key.arn,\n manifest=\"\"\" {\n\t\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n\"\"\",\n tags={\n \"Name\": \"example\",\n \"Key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new()\n {\n Description = \"KMS symmetric key for RDS Custom for Oracle\",\n });\n\n var exampleCustomDbEngineVersion = new Aws.Rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", new()\n {\n DatabaseInstallationFilesS3BucketName = \"DOC-EXAMPLE-BUCKET\",\n DatabaseInstallationFilesS3Prefix = \"1915_GI/\",\n Engine = \"custom-oracle-ee-cdb\",\n EngineVersion = \"19.cdb_cev1\",\n KmsKeyId = exampleKey.Arn,\n Manifest = @\" {\n\t\"\"databaseInstallationFileNames\"\":[\"\"V982063-01.zip\"\"]\n }\n\",\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"KMS symmetric key for RDS Custom for Oracle\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewCustomDbEngineVersion(ctx, \"exampleCustomDbEngineVersion\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tDatabaseInstallationFilesS3BucketName: pulumi.String(\"DOC-EXAMPLE-BUCKET\"),\n\t\t\tDatabaseInstallationFilesS3Prefix: pulumi.String(\"1915_GI/\"),\n\t\t\tEngine: pulumi.String(\"custom-oracle-ee-cdb\"),\n\t\t\tEngineVersion: pulumi.String(\"19.cdb_cev1\"),\n\t\t\tKmsKeyId: exampleKey.Arn,\n\t\t\tManifest: pulumi.String(\" {\\n\t\\\"databaseInstallationFileNames\\\":[\\\"V982063-01.zip\\\"]\\n }\\n\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t\t\"Key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleKey = new Key(\"exampleKey\", KeyArgs.builder() \n .description(\"KMS symmetric key for RDS Custom for Oracle\")\n .build());\n\n var exampleCustomDbEngineVersion = new CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", CustomDbEngineVersionArgs.builder() \n .databaseInstallationFilesS3BucketName(\"DOC-EXAMPLE-BUCKET\")\n .databaseInstallationFilesS3Prefix(\"1915_GI/\")\n .engine(\"custom-oracle-ee-cdb\")\n .engineVersion(\"19.cdb_cev1\")\n .kmsKeyId(exampleKey.arn())\n .manifest(\"\"\"\n {\n\t\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n \"\"\")\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"example\"),\n Map.entry(\"Key\", \"value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleKey:\n type: aws:kms:Key\n properties:\n description: KMS symmetric key for RDS Custom for Oracle\n exampleCustomDbEngineVersion:\n type: aws:rds:CustomDbEngineVersion\n properties:\n databaseInstallationFilesS3BucketName: DOC-EXAMPLE-BUCKET\n databaseInstallationFilesS3Prefix: 1915_GI/\n engine: custom-oracle-ee-cdb\n engineVersion: 19.cdb_cev1\n kmsKeyId: ${exampleKey.arn}\n manifest: |2\n {\n \t\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n tags:\n Name: example\n Key: value\n```\n{{% /example %}}\n{{% example %}}\n### RDS Custom for Oracle External Manifest Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as crypto from \"crypto\";\nimport * as fs from \"fs\";\n\nfunction computeFilebase64sha256(path: string): string {\n\tconst fileData = Buffer.from(fs.readFileSync(path, 'binary'))\n\treturn crypto.createHash('sha256').update(fileData).digest('hex')\n}\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {description: \"KMS symmetric key for RDS Custom for Oracle\"});\nconst exampleCustomDbEngineVersion = new aws.rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", {\n databaseInstallationFilesS3BucketName: \"DOC-EXAMPLE-BUCKET\",\n databaseInstallationFilesS3Prefix: \"1915_GI/\",\n engine: \"custom-oracle-ee-cdb\",\n engineVersion: \"19.cdb_cev1\",\n kmsKeyId: exampleKey.arn,\n filename: \"manifest_1915_GI.json\",\n manifestHash: computeFilebase64sha256(manifest_1915_GI.json),\n tags: {\n Name: \"example\",\n Key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport base64\nimport hashlib\nimport pulumi_aws as aws\n\ndef computeFilebase64sha256(path):\n\tfileData = open(path).read().encode()\n\thashedData = hashlib.sha256(fileData.encode()).digest()\n\treturn base64.b64encode(hashedData).decode()\n\nexample_key = aws.kms.Key(\"exampleKey\", description=\"KMS symmetric key for RDS Custom for Oracle\")\nexample_custom_db_engine_version = aws.rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\",\n database_installation_files_s3_bucket_name=\"DOC-EXAMPLE-BUCKET\",\n database_installation_files_s3_prefix=\"1915_GI/\",\n engine=\"custom-oracle-ee-cdb\",\n engine_version=\"19.cdb_cev1\",\n kms_key_id=example_key.arn,\n filename=\"manifest_1915_GI.json\",\n manifest_hash=computeFilebase64sha256(manifest_1915__gi[\"json\"]),\n tags={\n \"Name\": \"example\",\n \"Key\": \"value\",\n })\n```\n```csharp\nusing System;\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing System.Security.Cryptography;\nusing System.Text;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\n\t\nstring ComputeFileBase64Sha256(string path) \n{\n var fileData = Encoding.UTF8.GetBytes(File.ReadAllText(path));\n var hashData = SHA256.Create().ComputeHash(fileData);\n return Convert.ToBase64String(hashData);\n}\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new()\n {\n Description = \"KMS symmetric key for RDS Custom for Oracle\",\n });\n\n var exampleCustomDbEngineVersion = new Aws.Rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", new()\n {\n DatabaseInstallationFilesS3BucketName = \"DOC-EXAMPLE-BUCKET\",\n DatabaseInstallationFilesS3Prefix = \"1915_GI/\",\n Engine = \"custom-oracle-ee-cdb\",\n EngineVersion = \"19.cdb_cev1\",\n KmsKeyId = exampleKey.Arn,\n Filename = \"manifest_1915_GI.json\",\n ManifestHash = ComputeFileBase64Sha256(manifest_1915_GI.Json),\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"crypto/sha256\"\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc filebase64sha256OrPanic(path string) string {\n\tif fileData, err := os.ReadFile(path); err == nil {\n\t\thashedData := sha256.Sum256([]byte(fileData))\n\t\treturn base64.StdEncoding.EncodeToString(hashedData[:])\n\t} else {\n\t\tpanic(err.Error())\n\t}\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"KMS symmetric key for RDS Custom for Oracle\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewCustomDbEngineVersion(ctx, \"exampleCustomDbEngineVersion\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tDatabaseInstallationFilesS3BucketName: pulumi.String(\"DOC-EXAMPLE-BUCKET\"),\n\t\t\tDatabaseInstallationFilesS3Prefix: pulumi.String(\"1915_GI/\"),\n\t\t\tEngine: pulumi.String(\"custom-oracle-ee-cdb\"),\n\t\t\tEngineVersion: pulumi.String(\"19.cdb_cev1\"),\n\t\t\tKmsKeyId: exampleKey.Arn,\n\t\t\tFilename: pulumi.String(\"manifest_1915_GI.json\"),\n\t\t\tManifestHash: filebase64sha256OrPanic(manifest_1915_GI.Json),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t\t\"Key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleKey = new Key(\"exampleKey\", KeyArgs.builder() \n .description(\"KMS symmetric key for RDS Custom for Oracle\")\n .build());\n\n var exampleCustomDbEngineVersion = new CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", CustomDbEngineVersionArgs.builder() \n .databaseInstallationFilesS3BucketName(\"DOC-EXAMPLE-BUCKET\")\n .databaseInstallationFilesS3Prefix(\"1915_GI/\")\n .engine(\"custom-oracle-ee-cdb\")\n .engineVersion(\"19.cdb_cev1\")\n .kmsKeyId(exampleKey.arn())\n .filename(\"manifest_1915_GI.json\")\n .manifestHash(computeFileBase64Sha256(manifest_1915_GI.json()))\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"example\"),\n Map.entry(\"Key\", \"value\")\n ))\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### RDS Custom for SQL Server Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// CEV creation requires an AMI owned by the operator\nconst test = new aws.rds.CustomDbEngineVersion(\"test\", {\n engine: \"custom-sqlserver-se\",\n engineVersion: \"15.00.4249.2.cev-1\",\n sourceImageId: \"ami-0aa12345678a12ab1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# CEV creation requires an AMI owned by the operator\ntest = aws.rds.CustomDbEngineVersion(\"test\",\n engine=\"custom-sqlserver-se\",\n engine_version=\"15.00.4249.2.cev-1\",\n source_image_id=\"ami-0aa12345678a12ab1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // CEV creation requires an AMI owned by the operator\n var test = new Aws.Rds.CustomDbEngineVersion(\"test\", new()\n {\n Engine = \"custom-sqlserver-se\",\n EngineVersion = \"15.00.4249.2.cev-1\",\n SourceImageId = \"ami-0aa12345678a12ab1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCustomDbEngineVersion(ctx, \"test\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tEngine: pulumi.String(\"custom-sqlserver-se\"),\n\t\t\tEngineVersion: pulumi.String(\"15.00.4249.2.cev-1\"),\n\t\t\tSourceImageId: pulumi.String(\"ami-0aa12345678a12ab1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new CustomDbEngineVersion(\"test\", CustomDbEngineVersionArgs.builder() \n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.cev-1\")\n .sourceImageId(\"ami-0aa12345678a12ab1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # CEV creation requires an AMI owned by the operator\n test:\n type: aws:rds:CustomDbEngineVersion\n properties:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.cev-1\n sourceImageId: ami-0aa12345678a12ab1\n```\n{{% /example %}}\n{{% example %}}\n### RDS Custom for SQL Server Usage with AMI from another region\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AmiCopy(\"example\", {\n description: \"A copy of ami-xxxxxxxx\",\n sourceAmiId: \"ami-xxxxxxxx\",\n sourceAmiRegion: \"us-east-1\",\n});\n// CEV creation requires an AMI owned by the operator\nconst test = new aws.rds.CustomDbEngineVersion(\"test\", {\n engine: \"custom-sqlserver-se\",\n engineVersion: \"15.00.4249.2.cev-1\",\n sourceImageId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AmiCopy(\"example\",\n description=\"A copy of ami-xxxxxxxx\",\n source_ami_id=\"ami-xxxxxxxx\",\n source_ami_region=\"us-east-1\")\n# CEV creation requires an AMI owned by the operator\ntest = aws.rds.CustomDbEngineVersion(\"test\",\n engine=\"custom-sqlserver-se\",\n engine_version=\"15.00.4249.2.cev-1\",\n source_image_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.AmiCopy(\"example\", new()\n {\n Description = \"A copy of ami-xxxxxxxx\",\n SourceAmiId = \"ami-xxxxxxxx\",\n SourceAmiRegion = \"us-east-1\",\n });\n\n // CEV creation requires an AMI owned by the operator\n var test = new Aws.Rds.CustomDbEngineVersion(\"test\", new()\n {\n Engine = \"custom-sqlserver-se\",\n EngineVersion = \"15.00.4249.2.cev-1\",\n SourceImageId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewAmiCopy(ctx, \"example\", \u0026ec2.AmiCopyArgs{\n\t\t\tDescription: pulumi.String(\"A copy of ami-xxxxxxxx\"),\n\t\t\tSourceAmiId: pulumi.String(\"ami-xxxxxxxx\"),\n\t\t\tSourceAmiRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewCustomDbEngineVersion(ctx, \"test\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tEngine: pulumi.String(\"custom-sqlserver-se\"),\n\t\t\tEngineVersion: pulumi.String(\"15.00.4249.2.cev-1\"),\n\t\t\tSourceImageId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.AmiCopy;\nimport com.pulumi.aws.ec2.AmiCopyArgs;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AmiCopy(\"example\", AmiCopyArgs.builder() \n .description(\"A copy of ami-xxxxxxxx\")\n .sourceAmiId(\"ami-xxxxxxxx\")\n .sourceAmiRegion(\"us-east-1\")\n .build());\n\n var test = new CustomDbEngineVersion(\"test\", CustomDbEngineVersionArgs.builder() \n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.cev-1\")\n .sourceImageId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:AmiCopy\n properties:\n description: A copy of ami-xxxxxxxx\n sourceAmiId: ami-xxxxxxxx\n sourceAmiRegion: us-east-1\n # CEV creation requires an AMI owned by the operator\n test:\n type: aws:rds:CustomDbEngineVersion\n properties:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.cev-1\n sourceImageId: ${example.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import custom engine versions for Amazon RDS custom using the `engine` and `engine_version` separated by a colon (`:`). For example:\n\n```sh\n $ pulumi import aws:rds/customDbEngineVersion:CustomDbEngineVersion example custom-oracle-ee-cdb:19.cdb_cev1\n```\n ", + "description": "Provides an custom engine version (CEV) resource for Amazon RDS Custom. For additional information, see [Working with CEVs for RDS Custom for Oracle](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev.html) and [Working with CEVs for RDS Custom for SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-cev-sqlserver.html) in the the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### RDS Custom for Oracle Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {description: \"KMS symmetric key for RDS Custom for Oracle\"});\nconst exampleCustomDbEngineVersion = new aws.rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", {\n databaseInstallationFilesS3BucketName: \"DOC-EXAMPLE-BUCKET\",\n databaseInstallationFilesS3Prefix: \"1915_GI/\",\n engine: \"custom-oracle-ee-cdb\",\n engineVersion: \"19.cdb_cev1\",\n kmsKeyId: exampleKey.arn,\n manifest: ` {\n\t\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n`,\n tags: {\n Name: \"example\",\n Key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_key = aws.kms.Key(\"exampleKey\", description=\"KMS symmetric key for RDS Custom for Oracle\")\nexample_custom_db_engine_version = aws.rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\",\n database_installation_files_s3_bucket_name=\"DOC-EXAMPLE-BUCKET\",\n database_installation_files_s3_prefix=\"1915_GI/\",\n engine=\"custom-oracle-ee-cdb\",\n engine_version=\"19.cdb_cev1\",\n kms_key_id=example_key.arn,\n manifest=\"\"\" {\n\t\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n\"\"\",\n tags={\n \"Name\": \"example\",\n \"Key\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new()\n {\n Description = \"KMS symmetric key for RDS Custom for Oracle\",\n });\n\n var exampleCustomDbEngineVersion = new Aws.Rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", new()\n {\n DatabaseInstallationFilesS3BucketName = \"DOC-EXAMPLE-BUCKET\",\n DatabaseInstallationFilesS3Prefix = \"1915_GI/\",\n Engine = \"custom-oracle-ee-cdb\",\n EngineVersion = \"19.cdb_cev1\",\n KmsKeyId = exampleKey.Arn,\n Manifest = @\" {\n\t\"\"databaseInstallationFileNames\"\":[\"\"V982063-01.zip\"\"]\n }\n\",\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"KMS symmetric key for RDS Custom for Oracle\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewCustomDbEngineVersion(ctx, \"exampleCustomDbEngineVersion\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tDatabaseInstallationFilesS3BucketName: pulumi.String(\"DOC-EXAMPLE-BUCKET\"),\n\t\t\tDatabaseInstallationFilesS3Prefix: pulumi.String(\"1915_GI/\"),\n\t\t\tEngine: pulumi.String(\"custom-oracle-ee-cdb\"),\n\t\t\tEngineVersion: pulumi.String(\"19.cdb_cev1\"),\n\t\t\tKmsKeyId: exampleKey.Arn,\n\t\t\tManifest: pulumi.String(\" {\\n\t\\\"databaseInstallationFileNames\\\":[\\\"V982063-01.zip\\\"]\\n }\\n\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t\t\"Key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleKey = new Key(\"exampleKey\", KeyArgs.builder() \n .description(\"KMS symmetric key for RDS Custom for Oracle\")\n .build());\n\n var exampleCustomDbEngineVersion = new CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", CustomDbEngineVersionArgs.builder() \n .databaseInstallationFilesS3BucketName(\"DOC-EXAMPLE-BUCKET\")\n .databaseInstallationFilesS3Prefix(\"1915_GI/\")\n .engine(\"custom-oracle-ee-cdb\")\n .engineVersion(\"19.cdb_cev1\")\n .kmsKeyId(exampleKey.arn())\n .manifest(\"\"\"\n {\n\t\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n \"\"\")\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"example\"),\n Map.entry(\"Key\", \"value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleKey:\n type: aws:kms:Key\n properties:\n description: KMS symmetric key for RDS Custom for Oracle\n exampleCustomDbEngineVersion:\n type: aws:rds:CustomDbEngineVersion\n properties:\n databaseInstallationFilesS3BucketName: DOC-EXAMPLE-BUCKET\n databaseInstallationFilesS3Prefix: 1915_GI/\n engine: custom-oracle-ee-cdb\n engineVersion: 19.cdb_cev1\n kmsKeyId: ${exampleKey.arn}\n manifest: |2\n {\n \t\"databaseInstallationFileNames\":[\"V982063-01.zip\"]\n }\n tags:\n Name: example\n Key: value\n```\n{{% /example %}}\n{{% example %}}\n### RDS Custom for Oracle External Manifest Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as crypto from \"crypto\";\nimport * as fs from \"fs\";\n\nfunction computeFilebase64sha256(path: string): string {\n\tconst fileData = Buffer.from(fs.readFileSync(path, 'binary'))\n\treturn crypto.createHash('sha256').update(fileData).digest('hex')\n}\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {description: \"KMS symmetric key for RDS Custom for Oracle\"});\nconst exampleCustomDbEngineVersion = new aws.rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", {\n databaseInstallationFilesS3BucketName: \"DOC-EXAMPLE-BUCKET\",\n databaseInstallationFilesS3Prefix: \"1915_GI/\",\n engine: \"custom-oracle-ee-cdb\",\n engineVersion: \"19.cdb_cev1\",\n kmsKeyId: exampleKey.arn,\n filename: \"manifest_1915_GI.json\",\n manifestHash: computeFilebase64sha256(manifest_1915_GI.json),\n tags: {\n Name: \"example\",\n Key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport base64\nimport hashlib\nimport pulumi_aws as aws\n\ndef computeFilebase64sha256(path):\n\tfileData = open(path).read().encode()\n\thashedData = hashlib.sha256(fileData.encode()).digest()\n\treturn base64.b64encode(hashedData).decode()\n\nexample_key = aws.kms.Key(\"exampleKey\", description=\"KMS symmetric key for RDS Custom for Oracle\")\nexample_custom_db_engine_version = aws.rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\",\n database_installation_files_s3_bucket_name=\"DOC-EXAMPLE-BUCKET\",\n database_installation_files_s3_prefix=\"1915_GI/\",\n engine=\"custom-oracle-ee-cdb\",\n engine_version=\"19.cdb_cev1\",\n kms_key_id=example_key.arn,\n filename=\"manifest_1915_GI.json\",\n manifest_hash=computeFilebase64sha256(manifest_1915__gi[\"json\"]),\n tags={\n \"Name\": \"example\",\n \"Key\": \"value\",\n })\n```\n```csharp\nusing System;\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing System.Security.Cryptography;\nusing System.Text;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\n\t\nstring ComputeFileBase64Sha256(string path) \n{\n var fileData = Encoding.UTF8.GetBytes(File.ReadAllText(path));\n var hashData = SHA256.Create().ComputeHash(fileData);\n return Convert.ToBase64String(hashData);\n}\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new()\n {\n Description = \"KMS symmetric key for RDS Custom for Oracle\",\n });\n\n var exampleCustomDbEngineVersion = new Aws.Rds.CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", new()\n {\n DatabaseInstallationFilesS3BucketName = \"DOC-EXAMPLE-BUCKET\",\n DatabaseInstallationFilesS3Prefix = \"1915_GI/\",\n Engine = \"custom-oracle-ee-cdb\",\n EngineVersion = \"19.cdb_cev1\",\n KmsKeyId = exampleKey.Arn,\n Filename = \"manifest_1915_GI.json\",\n ManifestHash = ComputeFileBase64Sha256(manifest_1915_GI.Json),\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Key\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"crypto/sha256\"\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc filebase64sha256OrPanic(path string) string {\n\tif fileData, err := os.ReadFile(path); err == nil {\n\t\thashedData := sha256.Sum256([]byte(fileData))\n\t\treturn base64.StdEncoding.EncodeToString(hashedData[:])\n\t} else {\n\t\tpanic(err.Error())\n\t}\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"KMS symmetric key for RDS Custom for Oracle\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewCustomDbEngineVersion(ctx, \"exampleCustomDbEngineVersion\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tDatabaseInstallationFilesS3BucketName: pulumi.String(\"DOC-EXAMPLE-BUCKET\"),\n\t\t\tDatabaseInstallationFilesS3Prefix: pulumi.String(\"1915_GI/\"),\n\t\t\tEngine: pulumi.String(\"custom-oracle-ee-cdb\"),\n\t\t\tEngineVersion: pulumi.String(\"19.cdb_cev1\"),\n\t\t\tKmsKeyId: exampleKey.Arn,\n\t\t\tFilename: pulumi.String(\"manifest_1915_GI.json\"),\n\t\t\tManifestHash: filebase64sha256OrPanic(manifest_1915_GI.Json),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t\t\"Key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleKey = new Key(\"exampleKey\", KeyArgs.builder() \n .description(\"KMS symmetric key for RDS Custom for Oracle\")\n .build());\n\n var exampleCustomDbEngineVersion = new CustomDbEngineVersion(\"exampleCustomDbEngineVersion\", CustomDbEngineVersionArgs.builder() \n .databaseInstallationFilesS3BucketName(\"DOC-EXAMPLE-BUCKET\")\n .databaseInstallationFilesS3Prefix(\"1915_GI/\")\n .engine(\"custom-oracle-ee-cdb\")\n .engineVersion(\"19.cdb_cev1\")\n .kmsKeyId(exampleKey.arn())\n .filename(\"manifest_1915_GI.json\")\n .manifestHash(computeFileBase64Sha256(manifest_1915_GI.json()))\n .tags(Map.ofEntries(\n Map.entry(\"Name\", \"example\"),\n Map.entry(\"Key\", \"value\")\n ))\n .build());\n\n }\n}\n```\n{{% /example %}}\n{{% example %}}\n### RDS Custom for SQL Server Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// CEV creation requires an AMI owned by the operator\nconst test = new aws.rds.CustomDbEngineVersion(\"test\", {\n engine: \"custom-sqlserver-se\",\n engineVersion: \"15.00.4249.2.cev-1\",\n sourceImageId: \"ami-0aa12345678a12ab1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# CEV creation requires an AMI owned by the operator\ntest = aws.rds.CustomDbEngineVersion(\"test\",\n engine=\"custom-sqlserver-se\",\n engine_version=\"15.00.4249.2.cev-1\",\n source_image_id=\"ami-0aa12345678a12ab1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // CEV creation requires an AMI owned by the operator\n var test = new Aws.Rds.CustomDbEngineVersion(\"test\", new()\n {\n Engine = \"custom-sqlserver-se\",\n EngineVersion = \"15.00.4249.2.cev-1\",\n SourceImageId = \"ami-0aa12345678a12ab1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// CEV creation requires an AMI owned by the operator\n\t\t_, err := rds.NewCustomDbEngineVersion(ctx, \"test\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tEngine: pulumi.String(\"custom-sqlserver-se\"),\n\t\t\tEngineVersion: pulumi.String(\"15.00.4249.2.cev-1\"),\n\t\t\tSourceImageId: pulumi.String(\"ami-0aa12345678a12ab1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var test = new CustomDbEngineVersion(\"test\", CustomDbEngineVersionArgs.builder() \n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.cev-1\")\n .sourceImageId(\"ami-0aa12345678a12ab1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # CEV creation requires an AMI owned by the operator\n test:\n type: aws:rds:CustomDbEngineVersion\n properties:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.cev-1\n sourceImageId: ami-0aa12345678a12ab1\n```\n{{% /example %}}\n{{% example %}}\n### RDS Custom for SQL Server Usage with AMI from another region\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AmiCopy(\"example\", {\n description: \"A copy of ami-xxxxxxxx\",\n sourceAmiId: \"ami-xxxxxxxx\",\n sourceAmiRegion: \"us-east-1\",\n});\n// CEV creation requires an AMI owned by the operator\nconst test = new aws.rds.CustomDbEngineVersion(\"test\", {\n engine: \"custom-sqlserver-se\",\n engineVersion: \"15.00.4249.2.cev-1\",\n sourceImageId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AmiCopy(\"example\",\n description=\"A copy of ami-xxxxxxxx\",\n source_ami_id=\"ami-xxxxxxxx\",\n source_ami_region=\"us-east-1\")\n# CEV creation requires an AMI owned by the operator\ntest = aws.rds.CustomDbEngineVersion(\"test\",\n engine=\"custom-sqlserver-se\",\n engine_version=\"15.00.4249.2.cev-1\",\n source_image_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.AmiCopy(\"example\", new()\n {\n Description = \"A copy of ami-xxxxxxxx\",\n SourceAmiId = \"ami-xxxxxxxx\",\n SourceAmiRegion = \"us-east-1\",\n });\n\n // CEV creation requires an AMI owned by the operator\n var test = new Aws.Rds.CustomDbEngineVersion(\"test\", new()\n {\n Engine = \"custom-sqlserver-se\",\n EngineVersion = \"15.00.4249.2.cev-1\",\n SourceImageId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewAmiCopy(ctx, \"example\", \u0026ec2.AmiCopyArgs{\n\t\t\tDescription: pulumi.String(\"A copy of ami-xxxxxxxx\"),\n\t\t\tSourceAmiId: pulumi.String(\"ami-xxxxxxxx\"),\n\t\t\tSourceAmiRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// CEV creation requires an AMI owned by the operator\n\t\t_, err = rds.NewCustomDbEngineVersion(ctx, \"test\", \u0026rds.CustomDbEngineVersionArgs{\n\t\t\tEngine: pulumi.String(\"custom-sqlserver-se\"),\n\t\t\tEngineVersion: pulumi.String(\"15.00.4249.2.cev-1\"),\n\t\t\tSourceImageId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.AmiCopy;\nimport com.pulumi.aws.ec2.AmiCopyArgs;\nimport com.pulumi.aws.rds.CustomDbEngineVersion;\nimport com.pulumi.aws.rds.CustomDbEngineVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new AmiCopy(\"example\", AmiCopyArgs.builder() \n .description(\"A copy of ami-xxxxxxxx\")\n .sourceAmiId(\"ami-xxxxxxxx\")\n .sourceAmiRegion(\"us-east-1\")\n .build());\n\n var test = new CustomDbEngineVersion(\"test\", CustomDbEngineVersionArgs.builder() \n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.cev-1\")\n .sourceImageId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:AmiCopy\n properties:\n description: A copy of ami-xxxxxxxx\n sourceAmiId: ami-xxxxxxxx\n sourceAmiRegion: us-east-1\n # CEV creation requires an AMI owned by the operator\n test:\n type: aws:rds:CustomDbEngineVersion\n properties:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.cev-1\n sourceImageId: ${example.id}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import custom engine versions for Amazon RDS custom using the `engine` and `engine_version` separated by a colon (`:`). For example:\n\n```sh\n $ pulumi import aws:rds/customDbEngineVersion:CustomDbEngineVersion example custom-oracle-ee-cdb:19.cdb_cev1\n```\n ", "properties": { "arn": { "type": "string", @@ -298821,7 +298821,7 @@ } }, "aws:rds/globalCluster:GlobalCluster": { - "description": "Manages an RDS Global Cluster, which is an Aurora global database spread across multiple regions. The global database contains a single primary cluster with read-write capability, and a read-only secondary cluster that receives data from the primary cluster through high-speed replication performed by the Aurora storage subsystem.\n\nMore information about Aurora global databases can be found in the [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database-creating).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### New MySQL Global Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"aurora\",\n engineVersion: \"5.6.mysql_aurora.1.22.2\",\n databaseName: \"example_db\",\n});\nconst primaryCluster = new aws.rds.Cluster(\"primaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n databaseName: \"example_db\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst secondaryCluster = new aws.rds.Cluster(\"secondaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryClusterInstance],\n});\nconst secondaryClusterInstance = new aws.rds.ClusterInstance(\"secondaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"aurora\",\n engine_version=\"5.6.mysql_aurora.1.22.2\",\n database_name=\"example_db\")\nprimary_cluster = aws.rds.Cluster(\"primaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n database_name=\"example_db\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nsecondary_cluster = aws.rds.Cluster(\"secondaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster_instance]))\nsecondary_cluster_instance = aws.rds.ClusterInstance(\"secondaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"aurora\",\n EngineVersion = \"5.6.mysql_aurora.1.22.2\",\n DatabaseName = \"example_db\",\n });\n\n var primaryCluster = new Aws.Rds.Cluster(\"primaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n DatabaseName = \"example_db\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var secondaryCluster = new Aws.Rds.Cluster(\"secondaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = new[]\n {\n primaryClusterInstance,\n },\n });\n\n var secondaryClusterInstance = new Aws.Rds.ClusterInstance(\"secondaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"aurora\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.mysql_aurora.1.22.2\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := rds.NewCluster(ctx, \"primaryCluster\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryClusterInstance, err := rds.NewClusterInstance(ctx, \"primaryClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryCluster, err := rds.NewCluster(ctx, \"secondaryCluster\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryClusterInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"secondaryClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"aurora\")\n .engineVersion(\"5.6.mysql_aurora.1.22.2\")\n .databaseName(\"example_db\")\n .build());\n\n var primaryCluster = new Cluster(\"primaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .masterUsername(\"username\")\n .masterPassword(\"somepass123\")\n .databaseName(\"example_db\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primaryCluster.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var secondaryCluster = new Cluster(\"secondaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .dependsOn(primaryClusterInstance)\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondaryCluster.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: aurora\n engineVersion: 5.6.mysql_aurora.1.22.2\n databaseName: example_db\n primaryCluster:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n masterUsername: username\n masterPassword: somepass123\n databaseName: example_db\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n options:\n provider: ${aws.primary}\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primaryCluster.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n options:\n provider: ${aws.primary}\n secondaryCluster:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n dependson:\n - ${primaryClusterInstance}\n secondaryClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondaryCluster.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n```\n{{% /example %}}\n{{% example %}}\n### New PostgreSQL Global Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.Provider(\"primary\", {region: \"us-east-2\"});\nconst secondary = new aws.Provider(\"secondary\", {region: \"us-east-1\"});\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"aurora-postgresql\",\n engineVersion: \"11.9\",\n databaseName: \"example_db\",\n});\nconst primaryCluster = new aws.rds.Cluster(\"primaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n databaseName: \"example_db\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst secondaryCluster = new aws.rds.Cluster(\"secondaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n skipFinalSnapshot: true,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryClusterInstance],\n});\nconst secondaryClusterInstance = new aws.rds.ClusterInstance(\"secondaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.Provider(\"primary\", region=\"us-east-2\")\nsecondary = aws.Provider(\"secondary\", region=\"us-east-1\")\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"aurora-postgresql\",\n engine_version=\"11.9\",\n database_name=\"example_db\")\nprimary_cluster = aws.rds.Cluster(\"primaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n database_name=\"example_db\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nsecondary_cluster = aws.rds.Cluster(\"secondaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n skip_final_snapshot=True,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster_instance]))\nsecondary_cluster_instance = aws.rds.ClusterInstance(\"secondaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Aws.Provider(\"primary\", new()\n {\n Region = \"us-east-2\",\n });\n\n var secondary = new Aws.Provider(\"secondary\", new()\n {\n Region = \"us-east-1\",\n });\n\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"aurora-postgresql\",\n EngineVersion = \"11.9\",\n DatabaseName = \"example_db\",\n });\n\n var primaryCluster = new Aws.Rds.Cluster(\"primaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n DatabaseName = \"example_db\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var secondaryCluster = new Aws.Rds.Cluster(\"secondaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n SkipFinalSnapshot = true,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = new[]\n {\n primaryClusterInstance,\n },\n });\n\n var secondaryClusterInstance = new Aws.Rds.ClusterInstance(\"secondaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"primary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewProvider(ctx, \"secondary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"aurora-postgresql\"),\n\t\t\tEngineVersion: pulumi.String(\"11.9\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := rds.NewCluster(ctx, \"primaryCluster\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryClusterInstance, err := rds.NewClusterInstance(ctx, \"primaryClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryCluster, err := rds.NewCluster(ctx, \"secondaryCluster\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryClusterInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"secondaryClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Provider(\"primary\", ProviderArgs.builder() \n .region(\"us-east-2\")\n .build());\n\n var secondary = new Provider(\"secondary\", ProviderArgs.builder() \n .region(\"us-east-1\")\n .build());\n\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"aurora-postgresql\")\n .engineVersion(\"11.9\")\n .databaseName(\"example_db\")\n .build());\n\n var primaryCluster = new Cluster(\"primaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .masterUsername(\"username\")\n .masterPassword(\"somepass123\")\n .databaseName(\"example_db\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primaryCluster.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var secondaryCluster = new Cluster(\"secondaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .skipFinalSnapshot(true)\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .dependsOn(primaryClusterInstance)\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondaryCluster.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: pulumi:providers:aws\n properties:\n region: us-east-2\n secondary:\n type: pulumi:providers:aws\n properties:\n region: us-east-1\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: aurora-postgresql\n engineVersion: '11.9'\n databaseName: example_db\n primaryCluster:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n masterUsername: username\n masterPassword: somepass123\n databaseName: example_db\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n options:\n provider: ${aws.primary}\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primaryCluster.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n options:\n provider: ${aws.primary}\n secondaryCluster:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n skipFinalSnapshot: true\n dbSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n dependson:\n - ${primaryClusterInstance}\n secondaryClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondaryCluster.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n```\n{{% /example %}}\n{{% example %}}\n### New Global Cluster From Existing DB Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst exampleCluster = new aws.rds.Cluster(\"exampleCluster\", {});\nconst exampleGlobalCluster = new aws.rds.GlobalCluster(\"exampleGlobalCluster\", {\n forceDestroy: true,\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: exampleCluster.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample_cluster = aws.rds.Cluster(\"exampleCluster\")\nexample_global_cluster = aws.rds.GlobalCluster(\"exampleGlobalCluster\",\n force_destroy=True,\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example_cluster.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var exampleCluster = new Aws.Rds.Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new Aws.Rds.GlobalCluster(\"exampleGlobalCluster\", new()\n {\n ForceDestroy = true,\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = exampleCluster.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCluster, err := rds.NewCluster(ctx, \"exampleCluster\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewGlobalCluster(ctx, \"exampleGlobalCluster\", \u0026rds.GlobalClusterArgs{\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: exampleCluster.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleCluster = new Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new GlobalCluster(\"exampleGlobalCluster\", GlobalClusterArgs.builder() \n .forceDestroy(true)\n .globalClusterIdentifier(\"example\")\n .sourceDbClusterIdentifier(exampleCluster.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:rds:Cluster\n exampleGlobalCluster:\n type: aws:rds:GlobalCluster\n properties:\n forceDestroy: true\n globalClusterIdentifier: example\n sourceDbClusterIdentifier: ${exampleCluster.arn}\n```\n{{% /example %}}\n{{% example %}}\n### Upgrading Engine Versions\n\nWhen you upgrade the version of an `aws.rds.GlobalCluster`, the provider will attempt to in-place upgrade the engine versions of all associated clusters. Since the `aws.rds.Cluster` resource is being updated through the `aws.rds.GlobalCluster`, you are likely to get an error (`Provider produced inconsistent final plan`). To avoid this, use the `lifecycle` `ignore_changes` meta argument as shown below on the `aws.rds.Cluster`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"kyivkharkiv\",\n engine: \"aurora-mysql\",\n engineVersion: \"5.7.mysql_aurora.2.07.5\",\n});\nconst primaryCluster = new aws.rds.Cluster(\"primaryCluster\", {\n allowMajorVersionUpgrade: true,\n applyImmediately: true,\n clusterIdentifier: \"odessadnipro\",\n databaseName: \"totoro\",\n engine: example.engine,\n engineVersion: example.engineVersion,\n globalClusterIdentifier: example.id,\n masterPassword: \"satsukimae\",\n masterUsername: \"maesatsuki\",\n skipFinalSnapshot: true,\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primaryClusterInstance\", {\n applyImmediately: true,\n clusterIdentifier: primaryCluster.id,\n engine: primaryCluster.engine,\n engineVersion: primaryCluster.engineVersion,\n identifier: \"donetsklviv\",\n instanceClass: \"db.r4.large\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"kyivkharkiv\",\n engine=\"aurora-mysql\",\n engine_version=\"5.7.mysql_aurora.2.07.5\")\nprimary_cluster = aws.rds.Cluster(\"primaryCluster\",\n allow_major_version_upgrade=True,\n apply_immediately=True,\n cluster_identifier=\"odessadnipro\",\n database_name=\"totoro\",\n engine=example.engine,\n engine_version=example.engine_version,\n global_cluster_identifier=example.id,\n master_password=\"satsukimae\",\n master_username=\"maesatsuki\",\n skip_final_snapshot=True)\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primaryClusterInstance\",\n apply_immediately=True,\n cluster_identifier=primary_cluster.id,\n engine=primary_cluster.engine,\n engine_version=primary_cluster.engine_version,\n identifier=\"donetsklviv\",\n instance_class=\"db.r4.large\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"kyivkharkiv\",\n Engine = \"aurora-mysql\",\n EngineVersion = \"5.7.mysql_aurora.2.07.5\",\n });\n\n var primaryCluster = new Aws.Rds.Cluster(\"primaryCluster\", new()\n {\n AllowMajorVersionUpgrade = true,\n ApplyImmediately = true,\n ClusterIdentifier = \"odessadnipro\",\n DatabaseName = \"totoro\",\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n GlobalClusterIdentifier = example.Id,\n MasterPassword = \"satsukimae\",\n MasterUsername = \"maesatsuki\",\n SkipFinalSnapshot = true,\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primaryClusterInstance\", new()\n {\n ApplyImmediately = true,\n ClusterIdentifier = primaryCluster.Id,\n Engine = primaryCluster.Engine,\n EngineVersion = primaryCluster.EngineVersion,\n Identifier = \"donetsklviv\",\n InstanceClass = \"db.r4.large\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"kyivkharkiv\"),\n\t\t\tEngine: pulumi.String(\"aurora-mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7.mysql_aurora.2.07.5\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := rds.NewCluster(ctx, \"primaryCluster\", \u0026rds.ClusterArgs{\n\t\t\tAllowMajorVersionUpgrade: pulumi.Bool(true),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: pulumi.String(\"odessadnipro\"),\n\t\t\tDatabaseName: pulumi.String(\"totoro\"),\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tMasterPassword: pulumi.String(\"satsukimae\"),\n\t\t\tMasterUsername: pulumi.String(\"maesatsuki\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"primaryClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tEngine: primaryCluster.Engine,\n\t\t\tEngineVersion: primaryCluster.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"donetsklviv\"),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"kyivkharkiv\")\n .engine(\"aurora-mysql\")\n .engineVersion(\"5.7.mysql_aurora.2.07.5\")\n .build());\n\n var primaryCluster = new Cluster(\"primaryCluster\", ClusterArgs.builder() \n .allowMajorVersionUpgrade(true)\n .applyImmediately(true)\n .clusterIdentifier(\"odessadnipro\")\n .databaseName(\"totoro\")\n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .globalClusterIdentifier(example.id())\n .masterPassword(\"satsukimae\")\n .masterUsername(\"maesatsuki\")\n .skipFinalSnapshot(true)\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .applyImmediately(true)\n .clusterIdentifier(primaryCluster.id())\n .engine(primaryCluster.engine())\n .engineVersion(primaryCluster.engineVersion())\n .identifier(\"donetsklviv\")\n .instanceClass(\"db.r4.large\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: kyivkharkiv\n engine: aurora-mysql\n engineVersion: 5.7.mysql_aurora.2.07.5\n primaryCluster:\n type: aws:rds:Cluster\n properties:\n allowMajorVersionUpgrade: true\n applyImmediately: true\n clusterIdentifier: odessadnipro\n databaseName: totoro\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n globalClusterIdentifier: ${example.id}\n masterPassword: satsukimae\n masterUsername: maesatsuki\n skipFinalSnapshot: true\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n applyImmediately: true\n clusterIdentifier: ${primaryCluster.id}\n engine: ${primaryCluster.engine}\n engineVersion: ${primaryCluster.engineVersion}\n identifier: donetsklviv\n instanceClass: db.r4.large\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import `aws_rds_global_cluster` using the RDS Global Cluster identifier. For example:\n\n```sh\n $ pulumi import aws:rds/globalCluster:GlobalCluster example example\n```\n Certain resource arguments, like `force_destroy`, only exist within this provider. If the argument is set in the the provider configuration on an imported resource, This provider will show a difference on the first plan after import to update the state value. This change is safe to apply immediately so the state matches the desired configuration.\n\nCertain resource arguments, like `source_db_cluster_identifier`, do not have an API method for reading the information after creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", + "description": "Manages an RDS Global Cluster, which is an Aurora global database spread across multiple regions. The global database contains a single primary cluster with read-write capability, and a read-only secondary cluster that receives data from the primary cluster through high-speed replication performed by the Aurora storage subsystem.\n\nMore information about Aurora global databases can be found in the [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database-creating).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### New MySQL Global Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"aurora\",\n engineVersion: \"5.6.mysql_aurora.1.22.2\",\n databaseName: \"example_db\",\n});\nconst primaryCluster = new aws.rds.Cluster(\"primaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n databaseName: \"example_db\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst secondaryCluster = new aws.rds.Cluster(\"secondaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryClusterInstance],\n});\nconst secondaryClusterInstance = new aws.rds.ClusterInstance(\"secondaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"aurora\",\n engine_version=\"5.6.mysql_aurora.1.22.2\",\n database_name=\"example_db\")\nprimary_cluster = aws.rds.Cluster(\"primaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n database_name=\"example_db\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nsecondary_cluster = aws.rds.Cluster(\"secondaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster_instance]))\nsecondary_cluster_instance = aws.rds.ClusterInstance(\"secondaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"aurora\",\n EngineVersion = \"5.6.mysql_aurora.1.22.2\",\n DatabaseName = \"example_db\",\n });\n\n var primaryCluster = new Aws.Rds.Cluster(\"primaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n DatabaseName = \"example_db\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var secondaryCluster = new Aws.Rds.Cluster(\"secondaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = new[]\n {\n primaryClusterInstance,\n },\n });\n\n var secondaryClusterInstance = new Aws.Rds.ClusterInstance(\"secondaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"aurora\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.mysql_aurora.1.22.2\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := rds.NewCluster(ctx, \"primaryCluster\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryClusterInstance, err := rds.NewClusterInstance(ctx, \"primaryClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryCluster, err := rds.NewCluster(ctx, \"secondaryCluster\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryClusterInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"secondaryClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"aurora\")\n .engineVersion(\"5.6.mysql_aurora.1.22.2\")\n .databaseName(\"example_db\")\n .build());\n\n var primaryCluster = new Cluster(\"primaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .masterUsername(\"username\")\n .masterPassword(\"somepass123\")\n .databaseName(\"example_db\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primaryCluster.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var secondaryCluster = new Cluster(\"secondaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .dependsOn(primaryClusterInstance)\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondaryCluster.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: aurora\n engineVersion: 5.6.mysql_aurora.1.22.2\n databaseName: example_db\n primaryCluster:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n masterUsername: username\n masterPassword: somepass123\n databaseName: example_db\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n options:\n provider: ${aws.primary}\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primaryCluster.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n options:\n provider: ${aws.primary}\n secondaryCluster:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n dependson:\n - ${primaryClusterInstance}\n secondaryClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondaryCluster.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n```\n{{% /example %}}\n{{% example %}}\n### New PostgreSQL Global Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.Provider(\"primary\", {region: \"us-east-2\"});\nconst secondary = new aws.Provider(\"secondary\", {region: \"us-east-1\"});\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"aurora-postgresql\",\n engineVersion: \"11.9\",\n databaseName: \"example_db\",\n});\nconst primaryCluster = new aws.rds.Cluster(\"primaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n databaseName: \"example_db\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst secondaryCluster = new aws.rds.Cluster(\"secondaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n skipFinalSnapshot: true,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryClusterInstance],\n});\nconst secondaryClusterInstance = new aws.rds.ClusterInstance(\"secondaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.Provider(\"primary\", region=\"us-east-2\")\nsecondary = aws.Provider(\"secondary\", region=\"us-east-1\")\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"aurora-postgresql\",\n engine_version=\"11.9\",\n database_name=\"example_db\")\nprimary_cluster = aws.rds.Cluster(\"primaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n database_name=\"example_db\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nsecondary_cluster = aws.rds.Cluster(\"secondaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n skip_final_snapshot=True,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster_instance]))\nsecondary_cluster_instance = aws.rds.ClusterInstance(\"secondaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var primary = new Aws.Provider(\"primary\", new()\n {\n Region = \"us-east-2\",\n });\n\n var secondary = new Aws.Provider(\"secondary\", new()\n {\n Region = \"us-east-1\",\n });\n\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"aurora-postgresql\",\n EngineVersion = \"11.9\",\n DatabaseName = \"example_db\",\n });\n\n var primaryCluster = new Aws.Rds.Cluster(\"primaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n DatabaseName = \"example_db\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n\n var secondaryCluster = new Aws.Rds.Cluster(\"secondaryCluster\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n SkipFinalSnapshot = true,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = new[]\n {\n primaryClusterInstance,\n },\n });\n\n var secondaryClusterInstance = new Aws.Rds.ClusterInstance(\"secondaryClusterInstance\", new()\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"primary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = aws.NewProvider(ctx, \"secondary\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"aurora-postgresql\"),\n\t\t\tEngineVersion: pulumi.String(\"11.9\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := rds.NewCluster(ctx, \"primaryCluster\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryClusterInstance, err := rds.NewClusterInstance(ctx, \"primaryClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryCluster, err := rds.NewCluster(ctx, \"secondaryCluster\", \u0026rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryClusterInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"secondaryClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var primary = new Provider(\"primary\", ProviderArgs.builder() \n .region(\"us-east-2\")\n .build());\n\n var secondary = new Provider(\"secondary\", ProviderArgs.builder() \n .region(\"us-east-1\")\n .build());\n\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"global-test\")\n .engine(\"aurora-postgresql\")\n .engineVersion(\"11.9\")\n .databaseName(\"example_db\")\n .build());\n\n var primaryCluster = new Cluster(\"primaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-primary-cluster\")\n .masterUsername(\"username\")\n .masterPassword(\"somepass123\")\n .databaseName(\"example_db\")\n .globalClusterIdentifier(example.id())\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-primary-cluster-instance\")\n .clusterIdentifier(primaryCluster.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.primary())\n .build());\n\n var secondaryCluster = new Cluster(\"secondaryCluster\", ClusterArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .clusterIdentifier(\"test-secondary-cluster\")\n .globalClusterIdentifier(example.id())\n .skipFinalSnapshot(true)\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .dependsOn(primaryClusterInstance)\n .build());\n\n var secondaryClusterInstance = new ClusterInstance(\"secondaryClusterInstance\", ClusterInstanceArgs.builder() \n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .identifier(\"test-secondary-cluster-instance\")\n .clusterIdentifier(secondaryCluster.id())\n .instanceClass(\"db.r4.large\")\n .dbSubnetGroupName(\"default\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.secondary())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n primary:\n type: pulumi:providers:aws\n properties:\n region: us-east-2\n secondary:\n type: pulumi:providers:aws\n properties:\n region: us-east-1\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: global-test\n engine: aurora-postgresql\n engineVersion: '11.9'\n databaseName: example_db\n primaryCluster:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-primary-cluster\n masterUsername: username\n masterPassword: somepass123\n databaseName: example_db\n globalClusterIdentifier: ${example.id}\n dbSubnetGroupName: default\n options:\n provider: ${aws.primary}\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-primary-cluster-instance\n clusterIdentifier: ${primaryCluster.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n options:\n provider: ${aws.primary}\n secondaryCluster:\n type: aws:rds:Cluster\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n clusterIdentifier: test-secondary-cluster\n globalClusterIdentifier: ${example.id}\n skipFinalSnapshot: true\n dbSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n dependson:\n - ${primaryClusterInstance}\n secondaryClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: test-secondary-cluster-instance\n clusterIdentifier: ${secondaryCluster.id}\n instanceClass: db.r4.large\n dbSubnetGroupName: default\n options:\n provider: ${aws.secondary}\n```\n{{% /example %}}\n{{% example %}}\n### New Global Cluster From Existing DB Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst exampleCluster = new aws.rds.Cluster(\"exampleCluster\", {});\nconst exampleGlobalCluster = new aws.rds.GlobalCluster(\"exampleGlobalCluster\", {\n forceDestroy: true,\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: exampleCluster.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample_cluster = aws.rds.Cluster(\"exampleCluster\")\nexample_global_cluster = aws.rds.GlobalCluster(\"exampleGlobalCluster\",\n force_destroy=True,\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example_cluster.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var exampleCluster = new Aws.Rds.Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new Aws.Rds.GlobalCluster(\"exampleGlobalCluster\", new()\n {\n ForceDestroy = true,\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = exampleCluster.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\texampleCluster, err := rds.NewCluster(ctx, \"exampleCluster\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewGlobalCluster(ctx, \"exampleGlobalCluster\", \u0026rds.GlobalClusterArgs{\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: exampleCluster.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleCluster = new Cluster(\"exampleCluster\");\n\n var exampleGlobalCluster = new GlobalCluster(\"exampleGlobalCluster\", GlobalClusterArgs.builder() \n .forceDestroy(true)\n .globalClusterIdentifier(\"example\")\n .sourceDbClusterIdentifier(exampleCluster.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleCluster:\n type: aws:rds:Cluster\n exampleGlobalCluster:\n type: aws:rds:GlobalCluster\n properties:\n forceDestroy: true\n globalClusterIdentifier: example\n sourceDbClusterIdentifier: ${exampleCluster.arn}\n```\n{{% /example %}}\n{{% example %}}\n### Upgrading Engine Versions\n\nWhen you upgrade the version of an `aws.rds.GlobalCluster`, the provider will attempt to in-place upgrade the engine versions of all associated clusters. Since the `aws.rds.Cluster` resource is being updated through the `aws.rds.GlobalCluster`, you are likely to get an error (`Provider produced inconsistent final plan`). To avoid this, use the `lifecycle` `ignore_changes` meta argument as shown below on the `aws.rds.Cluster`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"kyivkharkiv\",\n engine: \"aurora-mysql\",\n engineVersion: \"5.7.mysql_aurora.2.07.5\",\n});\nconst primaryCluster = new aws.rds.Cluster(\"primaryCluster\", {\n allowMajorVersionUpgrade: true,\n applyImmediately: true,\n clusterIdentifier: \"odessadnipro\",\n databaseName: \"totoro\",\n engine: example.engine,\n engineVersion: example.engineVersion,\n globalClusterIdentifier: example.id,\n masterPassword: \"satsukimae\",\n masterUsername: \"maesatsuki\",\n skipFinalSnapshot: true,\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primaryClusterInstance\", {\n applyImmediately: true,\n clusterIdentifier: primaryCluster.id,\n engine: primaryCluster.engine,\n engineVersion: primaryCluster.engineVersion,\n identifier: \"donetsklviv\",\n instanceClass: \"db.r4.large\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"kyivkharkiv\",\n engine=\"aurora-mysql\",\n engine_version=\"5.7.mysql_aurora.2.07.5\")\nprimary_cluster = aws.rds.Cluster(\"primaryCluster\",\n allow_major_version_upgrade=True,\n apply_immediately=True,\n cluster_identifier=\"odessadnipro\",\n database_name=\"totoro\",\n engine=example.engine,\n engine_version=example.engine_version,\n global_cluster_identifier=example.id,\n master_password=\"satsukimae\",\n master_username=\"maesatsuki\",\n skip_final_snapshot=True)\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primaryClusterInstance\",\n apply_immediately=True,\n cluster_identifier=primary_cluster.id,\n engine=primary_cluster.engine,\n engine_version=primary_cluster.engine_version,\n identifier=\"donetsklviv\",\n instance_class=\"db.r4.large\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.GlobalCluster(\"example\", new()\n {\n GlobalClusterIdentifier = \"kyivkharkiv\",\n Engine = \"aurora-mysql\",\n EngineVersion = \"5.7.mysql_aurora.2.07.5\",\n });\n\n var primaryCluster = new Aws.Rds.Cluster(\"primaryCluster\", new()\n {\n AllowMajorVersionUpgrade = true,\n ApplyImmediately = true,\n ClusterIdentifier = \"odessadnipro\",\n DatabaseName = \"totoro\",\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n GlobalClusterIdentifier = example.Id,\n MasterPassword = \"satsukimae\",\n MasterUsername = \"maesatsuki\",\n SkipFinalSnapshot = true,\n });\n\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primaryClusterInstance\", new()\n {\n ApplyImmediately = true,\n ClusterIdentifier = primaryCluster.Id,\n Engine = primaryCluster.Engine,\n EngineVersion = primaryCluster.EngineVersion,\n Identifier = \"donetsklviv\",\n InstanceClass = \"db.r4.large\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", \u0026rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"kyivkharkiv\"),\n\t\t\tEngine: pulumi.String(\"aurora-mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7.mysql_aurora.2.07.5\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := rds.NewCluster(ctx, \"primaryCluster\", \u0026rds.ClusterArgs{\n\t\t\tAllowMajorVersionUpgrade: pulumi.Bool(true),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: pulumi.String(\"odessadnipro\"),\n\t\t\tDatabaseName: pulumi.String(\"totoro\"),\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tMasterPassword: pulumi.String(\"satsukimae\"),\n\t\t\tMasterUsername: pulumi.String(\"maesatsuki\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"primaryClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tEngine: primaryCluster.Engine,\n\t\t\tEngineVersion: primaryCluster.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"donetsklviv\"),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.GlobalCluster;\nimport com.pulumi.aws.rds.GlobalClusterArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new GlobalCluster(\"example\", GlobalClusterArgs.builder() \n .globalClusterIdentifier(\"kyivkharkiv\")\n .engine(\"aurora-mysql\")\n .engineVersion(\"5.7.mysql_aurora.2.07.5\")\n .build());\n\n var primaryCluster = new Cluster(\"primaryCluster\", ClusterArgs.builder() \n .allowMajorVersionUpgrade(true)\n .applyImmediately(true)\n .clusterIdentifier(\"odessadnipro\")\n .databaseName(\"totoro\")\n .engine(example.engine())\n .engineVersion(example.engineVersion())\n .globalClusterIdentifier(example.id())\n .masterPassword(\"satsukimae\")\n .masterUsername(\"maesatsuki\")\n .skipFinalSnapshot(true)\n .build());\n\n var primaryClusterInstance = new ClusterInstance(\"primaryClusterInstance\", ClusterInstanceArgs.builder() \n .applyImmediately(true)\n .clusterIdentifier(primaryCluster.id())\n .engine(primaryCluster.engine())\n .engineVersion(primaryCluster.engineVersion())\n .identifier(\"donetsklviv\")\n .instanceClass(\"db.r4.large\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:GlobalCluster\n properties:\n globalClusterIdentifier: kyivkharkiv\n engine: aurora-mysql\n engineVersion: 5.7.mysql_aurora.2.07.5\n primaryCluster:\n type: aws:rds:Cluster\n properties:\n allowMajorVersionUpgrade: true\n applyImmediately: true\n clusterIdentifier: odessadnipro\n databaseName: totoro\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n globalClusterIdentifier: ${example.id}\n masterPassword: satsukimae\n masterUsername: maesatsuki\n skipFinalSnapshot: true\n primaryClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n applyImmediately: true\n clusterIdentifier: ${primaryCluster.id}\n engine: ${primaryCluster.engine}\n engineVersion: ${primaryCluster.engineVersion}\n identifier: donetsklviv\n instanceClass: db.r4.large\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import `aws_rds_global_cluster` using the RDS Global Cluster identifier. For example:\n\n```sh\n $ pulumi import aws:rds/globalCluster:GlobalCluster example example\n```\n Certain resource arguments, like `force_destroy`, only exist within this provider. If the argument is set in the the provider configuration on an imported resource, This provider will show a difference on the first plan after import to update the state value. This change is safe to apply immediately so the state matches the desired configuration.\n\nCertain resource arguments, like `source_db_cluster_identifier`, do not have an API method for reading the information after creation. If the argument is set in the Pulumi program on an imported resource, Pulumi will always show a difference. To workaround this behavior, either omit the argument from the Pulumi program or use `ignore_changes` to hide the difference. For example:\n\n", "properties": { "arn": { "type": "string", @@ -298990,7 +298990,7 @@ } }, "aws:rds/instance:Instance": { - "description": "Provides an RDS instance resource. A DB instance is an isolated database\nenvironment in the cloud. A DB instance can contain multiple user-created\ndatabases.\n\nChanges to a DB instance can occur when you manually change a parameter, such as\n`allocated_storage`, and are reflected in the next maintenance window. Because\nof this, this provider may report a difference in its planning phase because a\nmodification has not yet taken place. You can use the `apply_immediately` flag\nto instruct the service to apply the change immediately (see documentation\nbelow).\n\nWhen upgrading the major version of an engine, `allow_major_version_upgrade` must be set to `true`.\n\n\u003e **Note:** using `apply_immediately` can result in a brief downtime as the server reboots.\nSee the AWS Docs on [RDS Instance Maintenance][instance-maintenance] for more information.\n\n\u003e **Note:** All arguments including the username and password will be stored in the raw state as plain-text.\nRead more about sensitive data instate.\n\n\n\n## RDS Instance Class Types\n\nAmazon RDS supports instance classes for the following use cases: General-purpose, Memory-optimized, Burstable Performance, and Optimized-reads.\nFor more information please read the AWS RDS documentation about [DB Instance Class Types](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html)\n\n## Low-Downtime Updates\n\nBy default, RDS applies updates to DB Instances in-place, which can lead to service interruptions.\nLow-downtime updates minimize service interruptions by performing the updates with an [RDS Blue/Green deployment][blue-green] and switching over the instances when complete.\n\nLow-downtime updates are only available for DB Instances using MySQL and MariaDB,\nas other engines are not supported by RDS Blue/Green deployments.\nThey cannot be used with DB Instances with replicas.\n\nBackups must be enabled to use low-downtime updates.\n\nEnable low-downtime updates by setting `blue_green_update.enabled` to `true`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n parameterGroupName: \"default.mysql5.7\",\n password: \"foobarbaz\",\n skipFinalSnapshot: true,\n username: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n parameter_group_name=\"default.mysql5.7\",\n password=\"foobarbaz\",\n skip_final_snapshot=True,\n username=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n ParameterGroupName = \"default.mysql5.7\",\n Password = \"foobarbaz\",\n SkipFinalSnapshot = true,\n Username = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t\tPassword: pulumi.String(\"foobarbaz\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .parameterGroupName(\"default.mysql5.7\")\n .password(\"foobarbaz\")\n .skipFinalSnapshot(true)\n .username(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n parameterGroupName: default.mysql5.7\n password: foobarbaz\n skipFinalSnapshot: true\n username: foo\n```\n{{% /example %}}\n{{% example %}}\n### RDS Custom for Oracle Usage with Replica\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custom-oracle = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-oracle-ee\")\n .engineVersion(\"19.c.ee.002\")\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(50)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(local.db_subnet_group_name())\n .engine(custom_oracle.engine())\n .engineVersion(custom_oracle.engineVersion())\n .identifier(\"ee-instance-demo\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .licenseModel(custom_oracle.licenseModel())\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .storageEncrypted(true)\n .timeouts(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n var test_replica = new Instance(\"test-replica\", InstanceArgs.builder() \n .replicateSourceDb(default_.identifier())\n .replicaMode(\"mounted\")\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .identifier(\"ee-instance-replica\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .skipFinalSnapshot(true)\n .storageEncrypted(true)\n .timeouts(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n autoMinorVersionUpgrade: false\n # Custom for Oracle does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n # Instance profile is required for Custom for Oracle. See: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${local.db_subnet_group_name}\n engine: ${[\"custom-oracle\"].engine}\n engineVersion: ${[\"custom-oracle\"].engineVersion}\n identifier: ee-instance-demo\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n licenseModel: ${[\"custom-oracle\"].licenseModel}\n multiAz: false\n # Custom for Oracle does not support multi-az\n password: avoid-plaintext-passwords\n username: test\n storageEncrypted: true\n timeouts:\n - create: 3h\n delete: 3h\n update: 3h\n test-replica:\n type: aws:rds:Instance\n properties:\n replicateSourceDb: ${default.identifier}\n replicaMode: mounted\n autoMinorVersionUpgrade: false\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n # Instance profile is required for Custom for Oracle. See: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc\n backupRetentionPeriod: 7\n identifier: ee-instance-replica\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false\n # Custom for Oracle does not support multi-az\n skipFinalSnapshot: true\n storageEncrypted: true\n timeouts:\n - create: 3h\n delete: 3h\n update: 3h\nvariables:\n custom-oracle:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: custom-oracle-ee\n engineVersion: 19.c.ee.002\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n byId:\n fn::invoke:\n Function: aws:kms:getKey\n Arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n{{% /example %}}\n{{% example %}}\n### RDS Custom for SQL Server\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custom-sqlserver = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.v1\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var example = new Instance(\"example\", InstanceArgs.builder() \n .allocatedStorage(500)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomSQLServerInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(local.db_subnet_group_name())\n .engine(custom_sqlserver.engine())\n .engineVersion(custom_sqlserver.engineVersion())\n .identifier(\"sql-instance-demo\")\n .instanceClass(custom_sqlserver.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .storageEncrypted(true)\n .username(\"test\")\n .timeouts(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 500\n autoMinorVersionUpgrade: false\n # Custom for SQL Server does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomSQLServerInstanceProfile\n # Instance profile is required for Custom for SQL Server. See: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-sqlserver.html#custom-setup-sqlserver.iam\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${local.db_subnet_group_name}\n # Copy the subnet group from the RDS Console\n engine: ${[\"custom-sqlserver\"].engine}\n engineVersion: ${[\"custom-sqlserver\"].engineVersion}\n identifier: sql-instance-demo\n instanceClass: ${[\"custom-sqlserver\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false\n # Custom for SQL Server does support multi-az\n password: avoid-plaintext-passwords\n storageEncrypted: true\n username: test\n timeouts:\n - create: 3h\n delete: 3h\n update: 3h\nvariables:\n custom-sqlserver:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.v1\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n byId:\n fn::invoke:\n Function: aws:kms:getKey\n Arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n{{% /example %}}\n{{% example %}}\n### RDS Db2 Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst default = aws.rds.getEngineVersion({\n engine: \"db2-se\",\n});\nconst exampleOrderableDbInstance = Promise.all([_default, _default]).then(([_default, _default1]) =\u003e aws.rds.getOrderableDbInstance({\n engine: _default.engine,\n engineVersion: _default1.version,\n licenseModel: \"bring-your-own-license\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ],\n}));\n// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nconst exampleParameterGroup = new aws.rds.ParameterGroup(\"exampleParameterGroup\", {\n family: _default.then(_default =\u003e _default.parameterGroupFamily),\n parameters: [\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_customer_id\",\n value: \"0\",\n },\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_site_id\",\n value: \"0\",\n },\n ],\n});\n// Create the RDS Db2 instance, use the data sources defined to set attributes\nconst exampleInstance = new aws.rds.Instance(\"exampleInstance\", {\n allocatedStorage: 100,\n backupRetentionPeriod: 7,\n dbName: \"test\",\n engine: exampleOrderableDbInstance.then(exampleOrderableDbInstance =\u003e exampleOrderableDbInstance.engine),\n engineVersion: exampleOrderableDbInstance.then(exampleOrderableDbInstance =\u003e exampleOrderableDbInstance.engineVersion),\n identifier: \"db2-instance-demo\",\n instanceClass: exampleOrderableDbInstance.then(exampleOrderableDbInstance =\u003e exampleOrderableDbInstance.instanceClass).apply((x) =\u003e aws.rds.instancetype.InstanceType[x]),\n parameterGroupName: exampleParameterGroup.name,\n password: \"avoid-plaintext-passwords\",\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.get_engine_version(engine=\"db2-se\")\nexample_orderable_db_instance = aws.rds.get_orderable_db_instance(engine=default.engine,\n engine_version=default.version,\n license_model=\"bring-your-own-license\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ])\n# The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nexample_parameter_group = aws.rds.ParameterGroup(\"exampleParameterGroup\",\n family=default.parameter_group_family,\n parameters=[\n aws.rds.ParameterGroupParameterArgs(\n apply_method=\"immediate\",\n name=\"rds.ibm_customer_id\",\n value=\"0\",\n ),\n aws.rds.ParameterGroupParameterArgs(\n apply_method=\"immediate\",\n name=\"rds.ibm_site_id\",\n value=\"0\",\n ),\n ])\n# Create the RDS Db2 instance, use the data sources defined to set attributes\nexample_instance = aws.rds.Instance(\"exampleInstance\",\n allocated_storage=100,\n backup_retention_period=7,\n db_name=\"test\",\n engine=example_orderable_db_instance.engine,\n engine_version=example_orderable_db_instance.engine_version,\n identifier=\"db2-instance-demo\",\n instance_class=example_orderable_db_instance.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)),\n parameter_group_name=example_parameter_group.name,\n password=\"avoid-plaintext-passwords\",\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Rds.GetEngineVersion.Invoke(new()\n {\n Engine = \"db2-se\",\n });\n\n var exampleOrderableDbInstance = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Engine),\n EngineVersion = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Version),\n LicenseModel = \"bring-your-own-license\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n },\n });\n\n // The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n var exampleParameterGroup = new Aws.Rds.ParameterGroup(\"exampleParameterGroup\", new()\n {\n Family = @default.Apply(@default =\u003e @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.ParameterGroupFamily)),\n Parameters = new[]\n {\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_customer_id\",\n Value = \"0\",\n },\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_site_id\",\n Value = \"0\",\n },\n },\n });\n\n // Create the RDS Db2 instance, use the data sources defined to set attributes\n var exampleInstance = new Aws.Rds.Instance(\"exampleInstance\", new()\n {\n AllocatedStorage = 100,\n BackupRetentionPeriod = 7,\n DbName = \"test\",\n Engine = exampleOrderableDbInstance.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine),\n EngineVersion = exampleOrderableDbInstance.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion),\n Identifier = \"db2-instance-demo\",\n InstanceClass = exampleOrderableDbInstance.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType.InstanceType\u003e),\n ParameterGroupName = exampleParameterGroup.Name,\n Password = \"avoid-plaintext-passwords\",\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := rds.GetEngineVersion(ctx, \u0026rds.GetEngineVersionArgs{\n\t\t\tEngine: \"db2-se\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleOrderableDbInstance, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: pulumi.StringRef(_default.Version),\n\t\t\tLicenseModel: pulumi.StringRef(\"bring-your-own-license\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.t3.small\",\n\t\t\t\t\"db.r6i.large\",\n\t\t\t\t\"db.m6i.large\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleParameterGroup, err := rds.NewParameterGroup(ctx, \"exampleParameterGroup\", \u0026rds.ParameterGroupArgs{\n\t\t\tFamily: *pulumi.String(_default.ParameterGroupFamily),\n\t\t\tParameters: rds.ParameterGroupParameterArray{\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_customer_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_site_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"exampleInstance\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(100),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbName: pulumi.String(\"test\"),\n\t\t\tEngine: *pulumi.String(exampleOrderableDbInstance.Engine),\n\t\t\tEngineVersion: *pulumi.String(exampleOrderableDbInstance.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"db2-instance-demo\"),\n\t\t\tInstanceClass: exampleOrderableDbInstance.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tParameterGroupName: exampleParameterGroup.Name,\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetEngineVersionArgs;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.rds.ParameterGroup;\nimport com.pulumi.aws.rds.ParameterGroupArgs;\nimport com.pulumi.aws.rds.inputs.ParameterGroupParameterArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = RdsFunctions.getEngineVersion(GetEngineVersionArgs.builder()\n .engine(\"db2-se\")\n .build());\n\n final var exampleOrderableDbInstance = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(default_.engine())\n .engineVersion(default_.version())\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\")\n .build());\n\n var exampleParameterGroup = new ParameterGroup(\"exampleParameterGroup\", ParameterGroupArgs.builder() \n .family(default_.parameterGroupFamily())\n .parameters( \n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_customer_id\")\n .value(0)\n .build(),\n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_site_id\")\n .value(0)\n .build())\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .allocatedStorage(100)\n .backupRetentionPeriod(7)\n .dbName(\"test\")\n .engine(exampleOrderableDbInstance.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engine()))\n .engineVersion(exampleOrderableDbInstance.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engineVersion()))\n .identifier(\"db2-instance-demo\")\n .instanceClass(exampleOrderableDbInstance.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.instanceClass()))\n .parameterGroupName(exampleParameterGroup.name())\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n exampleParameterGroup:\n type: aws:rds:ParameterGroup\n properties:\n family: ${default.parameterGroupFamily}\n parameters:\n - applyMethod: immediate\n name: rds.ibm_customer_id\n value: 0\n - applyMethod: immediate\n name: rds.ibm_site_id\n value: 0\n # Create the RDS Db2 instance, use the data sources defined to set attributes\n exampleInstance:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 100\n backupRetentionPeriod: 7\n dbName: test\n engine: ${exampleOrderableDbInstance.engine}\n engineVersion: ${exampleOrderableDbInstance.engineVersion}\n identifier: db2-instance-demo\n instanceClass: ${exampleOrderableDbInstance.instanceClass}\n parameterGroupName: ${exampleParameterGroup.name}\n password: avoid-plaintext-passwords\n username: test\nvariables:\n default:\n fn::invoke:\n Function: aws:rds:getEngineVersion\n Arguments:\n engine: db2-se\n exampleOrderableDbInstance:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: ${default.engine}\n engineVersion: ${default.version}\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.t3.small\n - db.r6i.large\n - db.m6i.large\n```\n{{% /example %}}\n{{% example %}}\n### Storage Autoscaling\n\nTo enable Storage Autoscaling with instances that support the feature, define the `max_allocated_storage` argument higher than the `allocated_storage` argument. This provider will automatically hide differences with the `allocated_storage` argument value if autoscaling occurs.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 50,\n maxAllocatedStorage: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Instance(\"example\",\n allocated_storage=50,\n max_allocated_storage=100)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 50,\n MaxAllocatedStorage = 100,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tMaxAllocatedStorage: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Instance(\"example\", InstanceArgs.builder() \n .allocatedStorage(50)\n .maxAllocatedStorage(100)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n maxAllocatedStorage: 100\n```\n{{% /example %}}\n{{% example %}}\n### Managed Master Passwords via Secrets Manager, default KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `manage_master_user_password` attribute to enable managing the master password with Secrets Manager. You can also update an existing cluster to use Secrets Manager by specify the `manage_master_user_password` attribute and removing the `password` attribute (removal is required).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n manageMasterUserPassword: true,\n parameterGroupName: \"default.mysql5.7\",\n username: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n manage_master_user_password=True,\n parameter_group_name=\"default.mysql5.7\",\n username=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n ManageMasterUserPassword = true,\n ParameterGroupName = \"default.mysql5.7\",\n Username = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .parameterGroupName(\"default.mysql5.7\")\n .username(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n parameterGroupName: default.mysql5.7\n username: foo\n```\n{{% /example %}}\n{{% example %}}\n### Managed Master Passwords via Secrets Manager, specific KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `master_user_secret_kms_key_id` attribute to specify a specific KMS Key.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kms.Key(\"example\", {description: \"Example KMS Key\"});\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n manageMasterUserPassword: true,\n masterUserSecretKmsKeyId: example.keyId,\n username: \"foo\",\n parameterGroupName: \"default.mysql5.7\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kms.Key(\"example\", description=\"Example KMS Key\")\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n manage_master_user_password=True,\n master_user_secret_kms_key_id=example.key_id,\n username=\"foo\",\n parameter_group_name=\"default.mysql5.7\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"Example KMS Key\",\n });\n\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n ManageMasterUserPassword = true,\n MasterUserSecretKmsKeyId = example.KeyId,\n Username = \"foo\",\n ParameterGroupName = \"default.mysql5.7\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example KMS Key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tMasterUserSecretKmsKeyId: example.KeyId,\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Key(\"example\", KeyArgs.builder() \n .description(\"Example KMS Key\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .masterUserSecretKmsKeyId(example.keyId())\n .username(\"foo\")\n .parameterGroupName(\"default.mysql5.7\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n description: Example KMS Key\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n masterUserSecretKmsKeyId: ${example.keyId}\n username: foo\n parameterGroupName: default.mysql5.7\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import DB Instances using the `identifier`. For example:\n\n```sh\n $ pulumi import aws:rds/instance:Instance default mydb-rds-instance\n```\n ", + "description": "Provides an RDS instance resource. A DB instance is an isolated database\nenvironment in the cloud. A DB instance can contain multiple user-created\ndatabases.\n\nChanges to a DB instance can occur when you manually change a parameter, such as\n`allocated_storage`, and are reflected in the next maintenance window. Because\nof this, this provider may report a difference in its planning phase because a\nmodification has not yet taken place. You can use the `apply_immediately` flag\nto instruct the service to apply the change immediately (see documentation\nbelow).\n\nWhen upgrading the major version of an engine, `allow_major_version_upgrade` must be set to `true`.\n\n\u003e **Note:** using `apply_immediately` can result in a brief downtime as the server reboots.\nSee the AWS Docs on [RDS Instance Maintenance][instance-maintenance] for more information.\n\n\u003e **Note:** All arguments including the username and password will be stored in the raw state as plain-text.\nRead more about sensitive data instate.\n\n\n\n## RDS Instance Class Types\n\nAmazon RDS supports instance classes for the following use cases: General-purpose, Memory-optimized, Burstable Performance, and Optimized-reads.\nFor more information please read the AWS RDS documentation about [DB Instance Class Types](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html)\n\n## Low-Downtime Updates\n\nBy default, RDS applies updates to DB Instances in-place, which can lead to service interruptions.\nLow-downtime updates minimize service interruptions by performing the updates with an [RDS Blue/Green deployment][blue-green] and switching over the instances when complete.\n\nLow-downtime updates are only available for DB Instances using MySQL and MariaDB,\nas other engines are not supported by RDS Blue/Green deployments.\nThey cannot be used with DB Instances with replicas.\n\nBackups must be enabled to use low-downtime updates.\n\nEnable low-downtime updates by setting `blue_green_update.enabled` to `true`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n parameterGroupName: \"default.mysql5.7\",\n password: \"foobarbaz\",\n skipFinalSnapshot: true,\n username: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n parameter_group_name=\"default.mysql5.7\",\n password=\"foobarbaz\",\n skip_final_snapshot=True,\n username=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n ParameterGroupName = \"default.mysql5.7\",\n Password = \"foobarbaz\",\n SkipFinalSnapshot = true,\n Username = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t\tPassword: pulumi.String(\"foobarbaz\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .parameterGroupName(\"default.mysql5.7\")\n .password(\"foobarbaz\")\n .skipFinalSnapshot(true)\n .username(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n parameterGroupName: default.mysql5.7\n password: foobarbaz\n skipFinalSnapshot: true\n username: foo\n```\n{{% /example %}}\n{{% example %}}\n### RDS Custom for Oracle Usage with Replica\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custom-oracle = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-oracle-ee\")\n .engineVersion(\"19.c.ee.002\")\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(50)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(local.db_subnet_group_name())\n .engine(custom_oracle.engine())\n .engineVersion(custom_oracle.engineVersion())\n .identifier(\"ee-instance-demo\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .licenseModel(custom_oracle.licenseModel())\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .storageEncrypted(true)\n .timeouts(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n var test_replica = new Instance(\"test-replica\", InstanceArgs.builder() \n .replicateSourceDb(default_.identifier())\n .replicaMode(\"mounted\")\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .identifier(\"ee-instance-replica\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .skipFinalSnapshot(true)\n .storageEncrypted(true)\n .timeouts(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n autoMinorVersionUpgrade: false\n # Custom for Oracle does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n # Instance profile is required for Custom for Oracle. See: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${local.db_subnet_group_name}\n engine: ${[\"custom-oracle\"].engine}\n engineVersion: ${[\"custom-oracle\"].engineVersion}\n identifier: ee-instance-demo\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n licenseModel: ${[\"custom-oracle\"].licenseModel}\n multiAz: false\n # Custom for Oracle does not support multi-az\n password: avoid-plaintext-passwords\n username: test\n storageEncrypted: true\n timeouts:\n - create: 3h\n delete: 3h\n update: 3h\n test-replica:\n type: aws:rds:Instance\n properties:\n replicateSourceDb: ${default.identifier}\n replicaMode: mounted\n autoMinorVersionUpgrade: false\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n # Instance profile is required for Custom for Oracle. See: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-orcl.html#custom-setup-orcl.iam-vpc\n backupRetentionPeriod: 7\n identifier: ee-instance-replica\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false\n # Custom for Oracle does not support multi-az\n skipFinalSnapshot: true\n storageEncrypted: true\n timeouts:\n - create: 3h\n delete: 3h\n update: 3h\nvariables:\n custom-oracle:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: custom-oracle-ee\n engineVersion: 19.c.ee.002\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n byId:\n fn::invoke:\n Function: aws:kms:getKey\n Arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n{{% /example %}}\n{{% example %}}\n### RDS Custom for SQL Server\n\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custom-sqlserver = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.v1\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var example = new Instance(\"example\", InstanceArgs.builder() \n .allocatedStorage(500)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomSQLServerInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(local.db_subnet_group_name())\n .engine(custom_sqlserver.engine())\n .engineVersion(custom_sqlserver.engineVersion())\n .identifier(\"sql-instance-demo\")\n .instanceClass(custom_sqlserver.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .storageEncrypted(true)\n .username(\"test\")\n .timeouts(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 500\n autoMinorVersionUpgrade: false\n # Custom for SQL Server does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomSQLServerInstanceProfile\n # Instance profile is required for Custom for SQL Server. See: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-setup-sqlserver.html#custom-setup-sqlserver.iam\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${local.db_subnet_group_name}\n # Copy the subnet group from the RDS Console\n engine: ${[\"custom-sqlserver\"].engine}\n engineVersion: ${[\"custom-sqlserver\"].engineVersion}\n identifier: sql-instance-demo\n instanceClass: ${[\"custom-sqlserver\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false\n # Custom for SQL Server does support multi-az\n password: avoid-plaintext-passwords\n storageEncrypted: true\n username: test\n timeouts:\n - create: 3h\n delete: 3h\n update: 3h\nvariables:\n custom-sqlserver:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.v1\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n byId:\n fn::invoke:\n Function: aws:kms:getKey\n Arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n{{% /example %}}\n{{% example %}}\n### RDS Db2 Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst default = aws.rds.getEngineVersion({\n engine: \"db2-se\",\n});\nconst exampleOrderableDbInstance = Promise.all([_default, _default]).then(([_default, _default1]) =\u003e aws.rds.getOrderableDbInstance({\n engine: _default.engine,\n engineVersion: _default1.version,\n licenseModel: \"bring-your-own-license\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ],\n}));\n// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nconst exampleParameterGroup = new aws.rds.ParameterGroup(\"exampleParameterGroup\", {\n family: _default.then(_default =\u003e _default.parameterGroupFamily),\n parameters: [\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_customer_id\",\n value: \"0\",\n },\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_site_id\",\n value: \"0\",\n },\n ],\n});\n// Create the RDS Db2 instance, use the data sources defined to set attributes\nconst exampleInstance = new aws.rds.Instance(\"exampleInstance\", {\n allocatedStorage: 100,\n backupRetentionPeriod: 7,\n dbName: \"test\",\n engine: exampleOrderableDbInstance.then(exampleOrderableDbInstance =\u003e exampleOrderableDbInstance.engine),\n engineVersion: exampleOrderableDbInstance.then(exampleOrderableDbInstance =\u003e exampleOrderableDbInstance.engineVersion),\n identifier: \"db2-instance-demo\",\n instanceClass: exampleOrderableDbInstance.then(exampleOrderableDbInstance =\u003e exampleOrderableDbInstance.instanceClass).apply((x) =\u003e aws.rds.instancetype.InstanceType[x]),\n parameterGroupName: exampleParameterGroup.name,\n password: \"avoid-plaintext-passwords\",\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.get_engine_version(engine=\"db2-se\")\nexample_orderable_db_instance = aws.rds.get_orderable_db_instance(engine=default.engine,\n engine_version=default.version,\n license_model=\"bring-your-own-license\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ])\n# The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nexample_parameter_group = aws.rds.ParameterGroup(\"exampleParameterGroup\",\n family=default.parameter_group_family,\n parameters=[\n aws.rds.ParameterGroupParameterArgs(\n apply_method=\"immediate\",\n name=\"rds.ibm_customer_id\",\n value=\"0\",\n ),\n aws.rds.ParameterGroupParameterArgs(\n apply_method=\"immediate\",\n name=\"rds.ibm_site_id\",\n value=\"0\",\n ),\n ])\n# Create the RDS Db2 instance, use the data sources defined to set attributes\nexample_instance = aws.rds.Instance(\"exampleInstance\",\n allocated_storage=100,\n backup_retention_period=7,\n db_name=\"test\",\n engine=example_orderable_db_instance.engine,\n engine_version=example_orderable_db_instance.engine_version,\n identifier=\"db2-instance-demo\",\n instance_class=example_orderable_db_instance.instance_class.apply(lambda x: aws.rds/instancetype.InstanceType(x)),\n parameter_group_name=example_parameter_group.name,\n password=\"avoid-plaintext-passwords\",\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Rds.GetEngineVersion.Invoke(new()\n {\n Engine = \"db2-se\",\n });\n\n var exampleOrderableDbInstance = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Engine),\n EngineVersion = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Version),\n LicenseModel = \"bring-your-own-license\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n },\n });\n\n // The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n var exampleParameterGroup = new Aws.Rds.ParameterGroup(\"exampleParameterGroup\", new()\n {\n Family = @default.Apply(@default =\u003e @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.ParameterGroupFamily)),\n Parameters = new[]\n {\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_customer_id\",\n Value = \"0\",\n },\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_site_id\",\n Value = \"0\",\n },\n },\n });\n\n // Create the RDS Db2 instance, use the data sources defined to set attributes\n var exampleInstance = new Aws.Rds.Instance(\"exampleInstance\", new()\n {\n AllocatedStorage = 100,\n BackupRetentionPeriod = 7,\n DbName = \"test\",\n Engine = exampleOrderableDbInstance.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine),\n EngineVersion = exampleOrderableDbInstance.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion),\n Identifier = \"db2-instance-demo\",\n InstanceClass = exampleOrderableDbInstance.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType.InstanceType\u003e),\n ParameterGroupName = exampleParameterGroup.Name,\n Password = \"avoid-plaintext-passwords\",\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := rds.GetEngineVersion(ctx, \u0026rds.GetEngineVersionArgs{\n\t\t\tEngine: \"db2-se\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleOrderableDbInstance, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: pulumi.StringRef(_default.Version),\n\t\t\tLicenseModel: pulumi.StringRef(\"bring-your-own-license\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.t3.small\",\n\t\t\t\t\"db.r6i.large\",\n\t\t\t\t\"db.m6i.large\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n\t\texampleParameterGroup, err := rds.NewParameterGroup(ctx, \"exampleParameterGroup\", \u0026rds.ParameterGroupArgs{\n\t\t\tFamily: *pulumi.String(_default.ParameterGroupFamily),\n\t\t\tParameters: rds.ParameterGroupParameterArray{\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_customer_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_site_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the RDS Db2 instance, use the data sources defined to set attributes\n\t\t_, err = rds.NewInstance(ctx, \"exampleInstance\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(100),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbName: pulumi.String(\"test\"),\n\t\t\tEngine: *pulumi.String(exampleOrderableDbInstance.Engine),\n\t\t\tEngineVersion: *pulumi.String(exampleOrderableDbInstance.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"db2-instance-demo\"),\n\t\t\tInstanceClass: exampleOrderableDbInstance.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tParameterGroupName: exampleParameterGroup.Name,\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetEngineVersionArgs;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.rds.ParameterGroup;\nimport com.pulumi.aws.rds.ParameterGroupArgs;\nimport com.pulumi.aws.rds.inputs.ParameterGroupParameterArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = RdsFunctions.getEngineVersion(GetEngineVersionArgs.builder()\n .engine(\"db2-se\")\n .build());\n\n final var exampleOrderableDbInstance = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(default_.engine())\n .engineVersion(default_.version())\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\")\n .build());\n\n var exampleParameterGroup = new ParameterGroup(\"exampleParameterGroup\", ParameterGroupArgs.builder() \n .family(default_.parameterGroupFamily())\n .parameters( \n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_customer_id\")\n .value(0)\n .build(),\n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_site_id\")\n .value(0)\n .build())\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder() \n .allocatedStorage(100)\n .backupRetentionPeriod(7)\n .dbName(\"test\")\n .engine(exampleOrderableDbInstance.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engine()))\n .engineVersion(exampleOrderableDbInstance.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engineVersion()))\n .identifier(\"db2-instance-demo\")\n .instanceClass(exampleOrderableDbInstance.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.instanceClass()))\n .parameterGroupName(exampleParameterGroup.name())\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n exampleParameterGroup:\n type: aws:rds:ParameterGroup\n properties:\n family: ${default.parameterGroupFamily}\n parameters:\n - applyMethod: immediate\n name: rds.ibm_customer_id\n value: 0\n - applyMethod: immediate\n name: rds.ibm_site_id\n value: 0\n # Create the RDS Db2 instance, use the data sources defined to set attributes\n exampleInstance:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 100\n backupRetentionPeriod: 7\n dbName: test\n engine: ${exampleOrderableDbInstance.engine}\n engineVersion: ${exampleOrderableDbInstance.engineVersion}\n identifier: db2-instance-demo\n instanceClass: ${exampleOrderableDbInstance.instanceClass}\n parameterGroupName: ${exampleParameterGroup.name}\n password: avoid-plaintext-passwords\n username: test\nvariables:\n default:\n fn::invoke:\n Function: aws:rds:getEngineVersion\n Arguments:\n engine: db2-se\n exampleOrderableDbInstance:\n fn::invoke:\n Function: aws:rds:getOrderableDbInstance\n Arguments:\n engine: ${default.engine}\n engineVersion: ${default.version}\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.t3.small\n - db.r6i.large\n - db.m6i.large\n```\n{{% /example %}}\n{{% example %}}\n### Storage Autoscaling\n\nTo enable Storage Autoscaling with instances that support the feature, define the `max_allocated_storage` argument higher than the `allocated_storage` argument. This provider will automatically hide differences with the `allocated_storage` argument value if autoscaling occurs.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 50,\n maxAllocatedStorage: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Instance(\"example\",\n allocated_storage=50,\n max_allocated_storage=100)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 50,\n MaxAllocatedStorage = 100,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tMaxAllocatedStorage: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Instance(\"example\", InstanceArgs.builder() \n .allocatedStorage(50)\n .maxAllocatedStorage(100)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n maxAllocatedStorage: 100\n```\n{{% /example %}}\n{{% example %}}\n### Managed Master Passwords via Secrets Manager, default KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `manage_master_user_password` attribute to enable managing the master password with Secrets Manager. You can also update an existing cluster to use Secrets Manager by specify the `manage_master_user_password` attribute and removing the `password` attribute (removal is required).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n manageMasterUserPassword: true,\n parameterGroupName: \"default.mysql5.7\",\n username: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n manage_master_user_password=True,\n parameter_group_name=\"default.mysql5.7\",\n username=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n ManageMasterUserPassword = true,\n ParameterGroupName = \"default.mysql5.7\",\n Username = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .parameterGroupName(\"default.mysql5.7\")\n .username(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n parameterGroupName: default.mysql5.7\n username: foo\n```\n{{% /example %}}\n{{% example %}}\n### Managed Master Passwords via Secrets Manager, specific KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `master_user_secret_kms_key_id` attribute to specify a specific KMS Key.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kms.Key(\"example\", {description: \"Example KMS Key\"});\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n manageMasterUserPassword: true,\n masterUserSecretKmsKeyId: example.keyId,\n username: \"foo\",\n parameterGroupName: \"default.mysql5.7\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kms.Key(\"example\", description=\"Example KMS Key\")\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n manage_master_user_password=True,\n master_user_secret_kms_key_id=example.key_id,\n username=\"foo\",\n parameter_group_name=\"default.mysql5.7\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"Example KMS Key\",\n });\n\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n ManageMasterUserPassword = true,\n MasterUserSecretKmsKeyId = example.KeyId,\n Username = \"foo\",\n ParameterGroupName = \"default.mysql5.7\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example KMS Key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tMasterUserSecretKmsKeyId: example.KeyId,\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Key(\"example\", KeyArgs.builder() \n .description(\"Example KMS Key\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder() \n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"5.7\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .masterUserSecretKmsKeyId(example.keyId())\n .username(\"foo\")\n .parameterGroupName(\"default.mysql5.7\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n description: Example KMS Key\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '5.7'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n masterUserSecretKmsKeyId: ${example.keyId}\n username: foo\n parameterGroupName: default.mysql5.7\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import DB Instances using the `identifier`. For example:\n\n```sh\n $ pulumi import aws:rds/instance:Instance default mydb-rds-instance\n```\n ", "properties": { "address": { "type": "string", @@ -307299,7 +307299,7 @@ } }, "aws:route53/queryLog:QueryLog": { - "description": "Provides a Route53 query logging configuration resource.\n\n\u003e **NOTE:** There are restrictions on the configuration of query logging. Notably,\nthe CloudWatch log group must be in the `us-east-1` region,\na permissive CloudWatch log resource policy must be in place, and\nthe Route53 hosted zone must be public.\nSee [Configuring Logging for DNS Queries](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html?console_help=true#query-logs-configuring) for additional details.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example CloudWatch log group in us-east-1\nconst us_east_1 = new aws.Provider(\"us-east-1\", {region: \"us-east-1\"});\nconst awsRoute53ExampleCom = new aws.cloudwatch.LogGroup(\"awsRoute53ExampleCom\", {retentionInDays: 30}, {\n provider: aws[\"us-east-1\"],\n});\n// Example CloudWatch log resource policy to allow Route53 to write logs\n// to any log group under /aws/route53/*\nconst route53-query-logging-policyPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", {\n policyDocument: route53_query_logging_policyPolicyDocument.then(route53_query_logging_policyPolicyDocument =\u003e route53_query_logging_policyPolicyDocument.json),\n policyName: \"route53-query-logging-policy\",\n}, {\n provider: aws[\"us-east-1\"],\n});\n// Example Route53 zone with query logging\nconst exampleComZone = new aws.route53.Zone(\"exampleComZone\", {});\nconst exampleComQueryLog = new aws.route53.QueryLog(\"exampleComQueryLog\", {\n cloudwatchLogGroupArn: awsRoute53ExampleCom.arn,\n zoneId: exampleComZone.zoneId,\n}, {\n dependsOn: [route53_query_logging_policyLogResourcePolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example CloudWatch log group in us-east-1\nus_east_1 = aws.Provider(\"us-east-1\", region=\"us-east-1\")\naws_route53_example_com = aws.cloudwatch.LogGroup(\"awsRoute53ExampleCom\", retention_in_days=30,\nopts=pulumi.ResourceOptions(provider=aws[\"us-east-1\"]))\n# Example CloudWatch log resource policy to allow Route53 to write logs\n# to any log group under /aws/route53/*\nroute53_query_logging_policy_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"route53.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\",\n policy_document=route53_query_logging_policy_policy_document.json,\n policy_name=\"route53-query-logging-policy\",\n opts=pulumi.ResourceOptions(provider=aws[\"us-east-1\"]))\n# Example Route53 zone with query logging\nexample_com_zone = aws.route53.Zone(\"exampleComZone\")\nexample_com_query_log = aws.route53.QueryLog(\"exampleComQueryLog\",\n cloudwatch_log_group_arn=aws_route53_example_com.arn,\n zone_id=example_com_zone.zone_id,\n opts=pulumi.ResourceOptions(depends_on=[route53_query_logging_policy_log_resource_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example CloudWatch log group in us-east-1\n var us_east_1 = new Aws.Provider(\"us-east-1\", new()\n {\n Region = \"us-east-1\",\n });\n\n var awsRoute53ExampleCom = new Aws.CloudWatch.LogGroup(\"awsRoute53ExampleCom\", new()\n {\n RetentionInDays = 30,\n }, new CustomResourceOptions\n {\n Provider = aws.Us_east_1,\n });\n\n // Example CloudWatch log resource policy to allow Route53 to write logs\n // to any log group under /aws/route53/*\n var route53_query_logging_policyPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", new()\n {\n PolicyDocument = route53_query_logging_policyPolicyDocument.Apply(route53_query_logging_policyPolicyDocument =\u003e route53_query_logging_policyPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"route53-query-logging-policy\",\n }, new CustomResourceOptions\n {\n Provider = aws.Us_east_1,\n });\n\n // Example Route53 zone with query logging\n var exampleComZone = new Aws.Route53.Zone(\"exampleComZone\");\n\n var exampleComQueryLog = new Aws.Route53.QueryLog(\"exampleComQueryLog\", new()\n {\n CloudwatchLogGroupArn = awsRoute53ExampleCom.Arn,\n ZoneId = exampleComZone.ZoneId,\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n route53_query_logging_policyLogResourcePolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"us-east-1\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsRoute53ExampleCom, err := cloudwatch.NewLogGroup(ctx, \"awsRoute53ExampleCom\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(30),\n\t\t}, pulumi.Provider(aws.UsEast1))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\troute53_query_logging_policyPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53-query-logging-policyLogResourcePolicy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: *pulumi.String(route53_query_logging_policyPolicyDocument.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t}, pulumi.Provider(aws.UsEast1))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleComZone, err := route53.NewZone(ctx, \"exampleComZone\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewQueryLog(ctx, \"exampleComQueryLog\", \u0026route53.QueryLogArgs{\n\t\t\tCloudwatchLogGroupArn: awsRoute53ExampleCom.Arn,\n\t\t\tZoneId: exampleComZone.ZoneId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\troute53_query_logging_policyLogResourcePolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.QueryLog;\nimport com.pulumi.aws.route53.QueryLogArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var us_east_1 = new Provider(\"us-east-1\", ProviderArgs.builder() \n .region(\"us-east-1\")\n .build());\n\n var awsRoute53ExampleCom = new LogGroup(\"awsRoute53ExampleCom\", LogGroupArgs.builder() \n .retentionInDays(30)\n .build(), CustomResourceOptions.builder()\n .provider(aws.us-east-1())\n .build());\n\n final var route53-query-logging-policyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:log-group:/aws/route53/*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"route53.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyDocument(route53_query_logging_policyPolicyDocument.json())\n .policyName(\"route53-query-logging-policy\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.us-east-1())\n .build());\n\n var exampleComZone = new Zone(\"exampleComZone\");\n\n var exampleComQueryLog = new QueryLog(\"exampleComQueryLog\", QueryLogArgs.builder() \n .cloudwatchLogGroupArn(awsRoute53ExampleCom.arn())\n .zoneId(exampleComZone.zoneId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(route53_query_logging_policyLogResourcePolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Example CloudWatch log group in us-east-1\n us-east-1:\n type: pulumi:providers:aws\n properties:\n region: us-east-1\n awsRoute53ExampleCom: # Example CloudWatch log resource policy to allow Route53 to write logs\n # to any log group under /aws/route53/*\n type: aws:cloudwatch:LogGroup\n properties:\n retentionInDays: 30\n options:\n provider: ${aws\"us-east-1\"[%!s(MISSING)]}\n route53-query-logging-policyLogResourcePolicy: # Example Route53 zone with query logging\n type: aws:cloudwatch:LogResourcePolicy\n properties:\n policyDocument: ${[\"route53-query-logging-policyPolicyDocument\"].json}\n policyName: route53-query-logging-policy\n options:\n provider: ${aws\"us-east-1\"[%!s(MISSING)]}\n exampleComZone:\n type: aws:route53:Zone\n exampleComQueryLog:\n type: aws:route53:QueryLog\n properties:\n cloudwatchLogGroupArn: ${awsRoute53ExampleCom.arn}\n zoneId: ${exampleComZone.zoneId}\n options:\n dependson:\n - ${[\"route53-query-logging-policyLogResourcePolicy\"]}\nvariables:\n route53-query-logging-policyPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:log-group:/aws/route53/*\n principals:\n - identifiers:\n - route53.amazonaws.com\n type: Service\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Route53 query logging configurations using their ID. For example:\n\n```sh\n $ pulumi import aws:route53/queryLog:QueryLog example_com xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\n```\n ", + "description": "Provides a Route53 query logging configuration resource.\n\n\u003e **NOTE:** There are restrictions on the configuration of query logging. Notably,\nthe CloudWatch log group must be in the `us-east-1` region,\na permissive CloudWatch log resource policy must be in place, and\nthe Route53 hosted zone must be public.\nSee [Configuring Logging for DNS Queries](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html?console_help=true#query-logs-configuring) for additional details.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example CloudWatch log group in us-east-1\nconst us_east_1 = new aws.Provider(\"us-east-1\", {region: \"us-east-1\"});\nconst awsRoute53ExampleCom = new aws.cloudwatch.LogGroup(\"awsRoute53ExampleCom\", {retentionInDays: 30}, {\n provider: aws[\"us-east-1\"],\n});\n// Example CloudWatch log resource policy to allow Route53 to write logs\n// to any log group under /aws/route53/*\nconst route53-query-logging-policyPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", {\n policyDocument: route53_query_logging_policyPolicyDocument.then(route53_query_logging_policyPolicyDocument =\u003e route53_query_logging_policyPolicyDocument.json),\n policyName: \"route53-query-logging-policy\",\n}, {\n provider: aws[\"us-east-1\"],\n});\n// Example Route53 zone with query logging\nconst exampleComZone = new aws.route53.Zone(\"exampleComZone\", {});\nconst exampleComQueryLog = new aws.route53.QueryLog(\"exampleComQueryLog\", {\n cloudwatchLogGroupArn: awsRoute53ExampleCom.arn,\n zoneId: exampleComZone.zoneId,\n}, {\n dependsOn: [route53_query_logging_policyLogResourcePolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example CloudWatch log group in us-east-1\nus_east_1 = aws.Provider(\"us-east-1\", region=\"us-east-1\")\naws_route53_example_com = aws.cloudwatch.LogGroup(\"awsRoute53ExampleCom\", retention_in_days=30,\nopts=pulumi.ResourceOptions(provider=aws[\"us-east-1\"]))\n# Example CloudWatch log resource policy to allow Route53 to write logs\n# to any log group under /aws/route53/*\nroute53_query_logging_policy_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"route53.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\",\n policy_document=route53_query_logging_policy_policy_document.json,\n policy_name=\"route53-query-logging-policy\",\n opts=pulumi.ResourceOptions(provider=aws[\"us-east-1\"]))\n# Example Route53 zone with query logging\nexample_com_zone = aws.route53.Zone(\"exampleComZone\")\nexample_com_query_log = aws.route53.QueryLog(\"exampleComQueryLog\",\n cloudwatch_log_group_arn=aws_route53_example_com.arn,\n zone_id=example_com_zone.zone_id,\n opts=pulumi.ResourceOptions(depends_on=[route53_query_logging_policy_log_resource_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example CloudWatch log group in us-east-1\n var us_east_1 = new Aws.Provider(\"us-east-1\", new()\n {\n Region = \"us-east-1\",\n });\n\n var awsRoute53ExampleCom = new Aws.CloudWatch.LogGroup(\"awsRoute53ExampleCom\", new()\n {\n RetentionInDays = 30,\n }, new CustomResourceOptions\n {\n Provider = aws.Us_east_1,\n });\n\n // Example CloudWatch log resource policy to allow Route53 to write logs\n // to any log group under /aws/route53/*\n var route53_query_logging_policyPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", new()\n {\n PolicyDocument = route53_query_logging_policyPolicyDocument.Apply(route53_query_logging_policyPolicyDocument =\u003e route53_query_logging_policyPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"route53-query-logging-policy\",\n }, new CustomResourceOptions\n {\n Provider = aws.Us_east_1,\n });\n\n // Example Route53 zone with query logging\n var exampleComZone = new Aws.Route53.Zone(\"exampleComZone\");\n\n var exampleComQueryLog = new Aws.Route53.QueryLog(\"exampleComQueryLog\", new()\n {\n CloudwatchLogGroupArn = awsRoute53ExampleCom.Arn,\n ZoneId = exampleComZone.ZoneId,\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n route53_query_logging_policyLogResourcePolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example CloudWatch log group in us-east-1\n\t\t_, err := aws.NewProvider(ctx, \"us-east-1\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsRoute53ExampleCom, err := cloudwatch.NewLogGroup(ctx, \"awsRoute53ExampleCom\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(30),\n\t\t}, pulumi.Provider(aws.UsEast1))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\troute53_query_logging_policyPolicyDocument, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53-query-logging-policyLogResourcePolicy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: *pulumi.String(route53_query_logging_policyPolicyDocument.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t}, pulumi.Provider(aws.UsEast1))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleComZone, err := route53.NewZone(ctx, \"exampleComZone\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewQueryLog(ctx, \"exampleComQueryLog\", \u0026route53.QueryLogArgs{\n\t\t\tCloudwatchLogGroupArn: awsRoute53ExampleCom.Arn,\n\t\t\tZoneId: exampleComZone.ZoneId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\troute53_query_logging_policyLogResourcePolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.QueryLog;\nimport com.pulumi.aws.route53.QueryLogArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var us_east_1 = new Provider(\"us-east-1\", ProviderArgs.builder() \n .region(\"us-east-1\")\n .build());\n\n var awsRoute53ExampleCom = new LogGroup(\"awsRoute53ExampleCom\", LogGroupArgs.builder() \n .retentionInDays(30)\n .build(), CustomResourceOptions.builder()\n .provider(aws.us-east-1())\n .build());\n\n final var route53-query-logging-policyPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:log-group:/aws/route53/*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"route53.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", LogResourcePolicyArgs.builder() \n .policyDocument(route53_query_logging_policyPolicyDocument.json())\n .policyName(\"route53-query-logging-policy\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.us-east-1())\n .build());\n\n var exampleComZone = new Zone(\"exampleComZone\");\n\n var exampleComQueryLog = new QueryLog(\"exampleComQueryLog\", QueryLogArgs.builder() \n .cloudwatchLogGroupArn(awsRoute53ExampleCom.arn())\n .zoneId(exampleComZone.zoneId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(route53_query_logging_policyLogResourcePolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Example CloudWatch log group in us-east-1\n us-east-1:\n type: pulumi:providers:aws\n properties:\n region: us-east-1\n awsRoute53ExampleCom: # Example CloudWatch log resource policy to allow Route53 to write logs\n # to any log group under /aws/route53/*\n type: aws:cloudwatch:LogGroup\n properties:\n retentionInDays: 30\n options:\n provider: ${aws\"us-east-1\"[%!s(MISSING)]}\n route53-query-logging-policyLogResourcePolicy: # Example Route53 zone with query logging\n type: aws:cloudwatch:LogResourcePolicy\n properties:\n policyDocument: ${[\"route53-query-logging-policyPolicyDocument\"].json}\n policyName: route53-query-logging-policy\n options:\n provider: ${aws\"us-east-1\"[%!s(MISSING)]}\n exampleComZone:\n type: aws:route53:Zone\n exampleComQueryLog:\n type: aws:route53:QueryLog\n properties:\n cloudwatchLogGroupArn: ${awsRoute53ExampleCom.arn}\n zoneId: ${exampleComZone.zoneId}\n options:\n dependson:\n - ${[\"route53-query-logging-policyLogResourcePolicy\"]}\nvariables:\n route53-query-logging-policyPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:log-group:/aws/route53/*\n principals:\n - identifiers:\n - route53.amazonaws.com\n type: Service\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Route53 query logging configurations using their ID. For example:\n\n```sh\n $ pulumi import aws:route53/queryLog:QueryLog example_com xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\n```\n ", "properties": { "arn": { "type": "string", @@ -313245,7 +313245,7 @@ } }, "aws:s3/bucketReplicationConfig:BucketReplicationConfig": { - "description": "Provides an independent configuration resource for S3 bucket [replication configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html).\n\n\u003e **NOTE:** S3 Buckets only support a single replication configuration. Declaring multiple `aws.s3.BucketReplicationConfig` resources to the same S3 Bucket will cause a perpetual difference in configuration.\n\n\u003e This resource cannot be used with S3 directory buckets.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using replication configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst central = new aws.Provider(\"central\", {region: \"eu-central-1\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"s3.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst replicationRole = new aws.iam.Role(\"replicationRole\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst destinationBucketV2 = new aws.s3.BucketV2(\"destinationBucketV2\", {});\nconst sourceBucketV2 = new aws.s3.BucketV2(\"sourceBucketV2\", {}, {\n provider: aws.central,\n});\nconst replicationPolicyDocument = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n ],\n resources: [sourceBucketV2.arn],\n },\n {\n effect: \"Allow\",\n actions: [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n ],\n resources: [pulumi.interpolate`${sourceBucketV2.arn}/*`],\n },\n {\n effect: \"Allow\",\n actions: [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n ],\n resources: [pulumi.interpolate`${destinationBucketV2.arn}/*`],\n },\n ],\n});\nconst replicationPolicy = new aws.iam.Policy(\"replicationPolicy\", {policy: replicationPolicyDocument.apply(replicationPolicyDocument =\u003e replicationPolicyDocument.json)});\nconst replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"replicationRolePolicyAttachment\", {\n role: replicationRole.name,\n policyArn: replicationPolicy.arn,\n});\nconst destinationBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"destinationBucketVersioningV2\", {\n bucket: destinationBucketV2.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst sourceBucketAcl = new aws.s3.BucketAclV2(\"sourceBucketAcl\", {\n bucket: sourceBucketV2.id,\n acl: \"private\",\n}, {\n provider: aws.central,\n});\nconst sourceBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"sourceBucketVersioningV2\", {\n bucket: sourceBucketV2.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n}, {\n provider: aws.central,\n});\nconst replicationBucketReplicationConfig = new aws.s3.BucketReplicationConfig(\"replicationBucketReplicationConfig\", {\n role: replicationRole.arn,\n bucket: sourceBucketV2.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: destinationBucketV2.arn,\n storageClass: \"STANDARD\",\n },\n }],\n}, {\n provider: aws.central,\n dependsOn: [sourceBucketVersioningV2],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncentral = aws.Provider(\"central\", region=\"eu-central-1\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"s3.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nreplication_role = aws.iam.Role(\"replicationRole\", assume_role_policy=assume_role.json)\ndestination_bucket_v2 = aws.s3.BucketV2(\"destinationBucketV2\")\nsource_bucket_v2 = aws.s3.BucketV2(\"sourceBucketV2\", opts=pulumi.ResourceOptions(provider=aws[\"central\"]))\nreplication_policy_document = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n ],\n resources=[source_bucket_v2.arn],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n ],\n resources=[source_bucket_v2.arn.apply(lambda arn: f\"{arn}/*\")],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n ],\n resources=[destination_bucket_v2.arn.apply(lambda arn: f\"{arn}/*\")],\n ),\n])\nreplication_policy = aws.iam.Policy(\"replicationPolicy\", policy=replication_policy_document.json)\nreplication_role_policy_attachment = aws.iam.RolePolicyAttachment(\"replicationRolePolicyAttachment\",\n role=replication_role.name,\n policy_arn=replication_policy.arn)\ndestination_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"destinationBucketVersioningV2\",\n bucket=destination_bucket_v2.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\nsource_bucket_acl = aws.s3.BucketAclV2(\"sourceBucketAcl\",\n bucket=source_bucket_v2.id,\n acl=\"private\",\n opts=pulumi.ResourceOptions(provider=aws[\"central\"]))\nsource_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"sourceBucketVersioningV2\",\n bucket=source_bucket_v2.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"central\"]))\nreplication_bucket_replication_config = aws.s3.BucketReplicationConfig(\"replicationBucketReplicationConfig\",\n role=replication_role.arn,\n bucket=source_bucket_v2.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=destination_bucket_v2.arn,\n storage_class=\"STANDARD\",\n ),\n )],\n opts=pulumi.ResourceOptions(provider=aws[\"central\"],\n depends_on=[source_bucket_versioning_v2]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central = new Aws.Provider(\"central\", new()\n {\n Region = \"eu-central-1\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"s3.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var replicationRole = new Aws.Iam.Role(\"replicationRole\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var destinationBucketV2 = new Aws.S3.BucketV2(\"destinationBucketV2\");\n\n var sourceBucketV2 = new Aws.S3.BucketV2(\"sourceBucketV2\", new()\n {\n }, new CustomResourceOptions\n {\n Provider = aws.Central,\n });\n\n var replicationPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n },\n Resources = new[]\n {\n sourceBucketV2.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n },\n Resources = new[]\n {\n $\"{sourceBucketV2.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n },\n Resources = new[]\n {\n $\"{destinationBucketV2.Arn}/*\",\n },\n },\n },\n });\n\n var replicationPolicy = new Aws.Iam.Policy(\"replicationPolicy\", new()\n {\n PolicyDocument = replicationPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"replicationRolePolicyAttachment\", new()\n {\n Role = replicationRole.Name,\n PolicyArn = replicationPolicy.Arn,\n });\n\n var destinationBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"destinationBucketVersioningV2\", new()\n {\n Bucket = destinationBucketV2.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var sourceBucketAcl = new Aws.S3.BucketAclV2(\"sourceBucketAcl\", new()\n {\n Bucket = sourceBucketV2.Id,\n Acl = \"private\",\n }, new CustomResourceOptions\n {\n Provider = aws.Central,\n });\n\n var sourceBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"sourceBucketVersioningV2\", new()\n {\n Bucket = sourceBucketV2.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Central,\n });\n\n var replicationBucketReplicationConfig = new Aws.S3.BucketReplicationConfig(\"replicationBucketReplicationConfig\", new()\n {\n Role = replicationRole.Arn,\n Bucket = sourceBucketV2.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = destinationBucketV2.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Central,\n DependsOn = new[]\n {\n sourceBucketVersioningV2,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"central\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"eu-central-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"s3.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplicationRole, err := iam.NewRole(ctx, \"replicationRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationBucketV2, err := s3.NewBucketV2(ctx, \"destinationBucketV2\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceBucketV2, err := s3.NewBucketV2(ctx, \"sourceBucketV2\", nil, pulumi.Provider(aws.Central))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplicationPolicyDocument := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetReplicationConfiguration\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ListBucket\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tsourceBucketV2.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionForReplication\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionAcl\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionTagging\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tsourceBucketV2.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateDelete\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateTags\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tdestinationBucketV2.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\treplicationPolicy, err := iam.NewPolicy(ctx, \"replicationPolicy\", \u0026iam.PolicyArgs{\n\t\t\tPolicy: replicationPolicyDocument.ApplyT(func(replicationPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026replicationPolicyDocument.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"replicationRolePolicyAttachment\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: replicationRole.Name,\n\t\t\tPolicyArn: replicationPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketVersioningV2(ctx, \"destinationBucketVersioningV2\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: destinationBucketV2.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"sourceBucketAcl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: sourceBucketV2.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t}, pulumi.Provider(aws.Central))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceBucketVersioningV2, err := s3.NewBucketVersioningV2(ctx, \"sourceBucketVersioningV2\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: sourceBucketV2.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Central))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"replicationBucketReplicationConfig\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: replicationRole.Arn,\n\t\t\tBucket: sourceBucketV2.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: destinationBucketV2.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Central), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceBucketVersioningV2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.s3.BucketVersioningV2;\nimport com.pulumi.aws.s3.BucketVersioningV2Args;\nimport com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.s3.BucketReplicationConfig;\nimport com.pulumi.aws.s3.BucketReplicationConfigArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var central = new Provider(\"central\", ProviderArgs.builder() \n .region(\"eu-central-1\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"s3.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var replicationRole = new Role(\"replicationRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var destinationBucketV2 = new BucketV2(\"destinationBucketV2\");\n\n var sourceBucketV2 = new BucketV2(\"sourceBucketV2\", BucketV2Args.Empty, CustomResourceOptions.builder()\n .provider(aws.central())\n .build());\n\n final var replicationPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\")\n .resources(sourceBucketV2.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\")\n .resources(sourceBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\")\n .resources(destinationBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var replicationPolicy = new Policy(\"replicationPolicy\", PolicyArgs.builder() \n .policy(replicationPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(replicationPolicyDocument -\u003e replicationPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var replicationRolePolicyAttachment = new RolePolicyAttachment(\"replicationRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(replicationRole.name())\n .policyArn(replicationPolicy.arn())\n .build());\n\n var destinationBucketVersioningV2 = new BucketVersioningV2(\"destinationBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(destinationBucketV2.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var sourceBucketAcl = new BucketAclV2(\"sourceBucketAcl\", BucketAclV2Args.builder() \n .bucket(sourceBucketV2.id())\n .acl(\"private\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.central())\n .build());\n\n var sourceBucketVersioningV2 = new BucketVersioningV2(\"sourceBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(sourceBucketV2.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.central())\n .build());\n\n var replicationBucketReplicationConfig = new BucketReplicationConfig(\"replicationBucketReplicationConfig\", BucketReplicationConfigArgs.builder() \n .role(replicationRole.arn())\n .bucket(sourceBucketV2.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(destinationBucketV2.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.central())\n .dependsOn(sourceBucketVersioningV2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n central:\n type: pulumi:providers:aws\n properties:\n region: eu-central-1\n replicationRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n replicationPolicy:\n type: aws:iam:Policy\n properties:\n policy: ${replicationPolicyDocument.json}\n replicationRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n properties:\n role: ${replicationRole.name}\n policyArn: ${replicationPolicy.arn}\n destinationBucketV2:\n type: aws:s3:BucketV2\n destinationBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n properties:\n bucket: ${destinationBucketV2.id}\n versioningConfiguration:\n status: Enabled\n sourceBucketV2:\n type: aws:s3:BucketV2\n options:\n provider: ${aws.central}\n sourceBucketAcl:\n type: aws:s3:BucketAclV2\n properties:\n bucket: ${sourceBucketV2.id}\n acl: private\n options:\n provider: ${aws.central}\n sourceBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n properties:\n bucket: ${sourceBucketV2.id}\n versioningConfiguration:\n status: Enabled\n options:\n provider: ${aws.central}\n replicationBucketReplicationConfig:\n type: aws:s3:BucketReplicationConfig\n properties:\n role: ${replicationRole.arn}\n bucket: ${sourceBucketV2.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${destinationBucketV2.arn}\n storageClass: STANDARD\n options:\n provider: ${aws.central}\n dependson:\n - ${sourceBucketVersioningV2}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - s3.amazonaws.com\n actions:\n - sts:AssumeRole\n replicationPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:GetReplicationConfiguration\n - s3:ListBucket\n resources:\n - ${sourceBucketV2.arn}\n - effect: Allow\n actions:\n - s3:GetObjectVersionForReplication\n - s3:GetObjectVersionAcl\n - s3:GetObjectVersionTagging\n resources:\n - ${sourceBucketV2.arn}/*\n - effect: Allow\n actions:\n - s3:ReplicateObject\n - s3:ReplicateDelete\n - s3:ReplicateTags\n resources:\n - ${destinationBucketV2.arn}/*\n```\n{{% /example %}}\n{{% example %}}\n### Bi-Directional Replication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst eastBucketV2 = new aws.s3.BucketV2(\"eastBucketV2\", {});\nconst eastBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"eastBucketVersioningV2\", {\n bucket: eastBucketV2.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst westBucketV2 = new aws.s3.BucketV2(\"westBucketV2\", {}, {\n provider: aws.west,\n});\nconst westBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"westBucketVersioningV2\", {\n bucket: westBucketV2.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n}, {\n provider: aws.west,\n});\nconst eastToWest = new aws.s3.BucketReplicationConfig(\"eastToWest\", {\n role: aws_iam_role.east_replication.arn,\n bucket: eastBucketV2.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: westBucketV2.arn,\n storageClass: \"STANDARD\",\n },\n }],\n}, {\n dependsOn: [eastBucketVersioningV2],\n});\nconst westToEast = new aws.s3.BucketReplicationConfig(\"westToEast\", {\n role: aws_iam_role.west_replication.arn,\n bucket: westBucketV2.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: eastBucketV2.arn,\n storageClass: \"STANDARD\",\n },\n }],\n}, {\n provider: aws.west,\n dependsOn: [westBucketVersioningV2],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\neast_bucket_v2 = aws.s3.BucketV2(\"eastBucketV2\")\neast_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"eastBucketVersioningV2\",\n bucket=east_bucket_v2.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\nwest_bucket_v2 = aws.s3.BucketV2(\"westBucketV2\", opts=pulumi.ResourceOptions(provider=aws[\"west\"]))\nwest_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"westBucketVersioningV2\",\n bucket=west_bucket_v2.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"west\"]))\neast_to_west = aws.s3.BucketReplicationConfig(\"eastToWest\",\n role=aws_iam_role[\"east_replication\"][\"arn\"],\n bucket=east_bucket_v2.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=west_bucket_v2.arn,\n storage_class=\"STANDARD\",\n ),\n )],\n opts=pulumi.ResourceOptions(depends_on=[east_bucket_versioning_v2]))\nwest_to_east = aws.s3.BucketReplicationConfig(\"westToEast\",\n role=aws_iam_role[\"west_replication\"][\"arn\"],\n bucket=west_bucket_v2.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=east_bucket_v2.arn,\n storage_class=\"STANDARD\",\n ),\n )],\n opts=pulumi.ResourceOptions(provider=aws[\"west\"],\n depends_on=[west_bucket_versioning_v2]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var eastBucketV2 = new Aws.S3.BucketV2(\"eastBucketV2\");\n\n var eastBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"eastBucketVersioningV2\", new()\n {\n Bucket = eastBucketV2.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var westBucketV2 = new Aws.S3.BucketV2(\"westBucketV2\", new()\n {\n }, new CustomResourceOptions\n {\n Provider = aws.West,\n });\n\n var westBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"westBucketVersioningV2\", new()\n {\n Bucket = westBucketV2.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n }, new CustomResourceOptions\n {\n Provider = aws.West,\n });\n\n var eastToWest = new Aws.S3.BucketReplicationConfig(\"eastToWest\", new()\n {\n Role = aws_iam_role.East_replication.Arn,\n Bucket = eastBucketV2.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = westBucketV2.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n eastBucketVersioningV2,\n },\n });\n\n var westToEast = new Aws.S3.BucketReplicationConfig(\"westToEast\", new()\n {\n Role = aws_iam_role.West_replication.Arn,\n Bucket = westBucketV2.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = eastBucketV2.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.West,\n DependsOn = new[]\n {\n westBucketVersioningV2,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teastBucketV2, err := s3.NewBucketV2(ctx, \"eastBucketV2\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\teastBucketVersioningV2, err := s3.NewBucketVersioningV2(ctx, \"eastBucketVersioningV2\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: eastBucketV2.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twestBucketV2, err := s3.NewBucketV2(ctx, \"westBucketV2\", nil, pulumi.Provider(aws.West))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twestBucketVersioningV2, err := s3.NewBucketVersioningV2(ctx, \"westBucketVersioningV2\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: westBucketV2.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.West))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"eastToWest\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: pulumi.Any(aws_iam_role.East_replication.Arn),\n\t\t\tBucket: eastBucketV2.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: westBucketV2.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\teastBucketVersioningV2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"westToEast\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: pulumi.Any(aws_iam_role.West_replication.Arn),\n\t\t\tBucket: westBucketV2.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: eastBucketV2.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.Provider(aws.West), pulumi.DependsOn([]pulumi.Resource{\n\t\t\twestBucketVersioningV2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketVersioningV2;\nimport com.pulumi.aws.s3.BucketVersioningV2Args;\nimport com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketReplicationConfig;\nimport com.pulumi.aws.s3.BucketReplicationConfigArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var eastBucketV2 = new BucketV2(\"eastBucketV2\");\n\n var eastBucketVersioningV2 = new BucketVersioningV2(\"eastBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(eastBucketV2.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var westBucketV2 = new BucketV2(\"westBucketV2\", BucketV2Args.Empty, CustomResourceOptions.builder()\n .provider(aws.west())\n .build());\n\n var westBucketVersioningV2 = new BucketVersioningV2(\"westBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(westBucketV2.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.west())\n .build());\n\n var eastToWest = new BucketReplicationConfig(\"eastToWest\", BucketReplicationConfigArgs.builder() \n .role(aws_iam_role.east_replication().arn())\n .bucket(eastBucketV2.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(westBucketV2.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(eastBucketVersioningV2)\n .build());\n\n var westToEast = new BucketReplicationConfig(\"westToEast\", BucketReplicationConfigArgs.builder() \n .role(aws_iam_role.west_replication().arn())\n .bucket(westBucketV2.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(eastBucketV2.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.west())\n .dependsOn(westBucketVersioningV2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ... other configuration ...\n eastBucketV2:\n type: aws:s3:BucketV2\n eastBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n properties:\n bucket: ${eastBucketV2.id}\n versioningConfiguration:\n status: Enabled\n westBucketV2:\n type: aws:s3:BucketV2\n options:\n provider: ${aws.west}\n westBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n properties:\n bucket: ${westBucketV2.id}\n versioningConfiguration:\n status: Enabled\n options:\n provider: ${aws.west}\n eastToWest:\n type: aws:s3:BucketReplicationConfig\n properties:\n role: ${aws_iam_role.east_replication.arn}\n bucket: ${eastBucketV2.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${westBucketV2.arn}\n storageClass: STANDARD\n options:\n dependson:\n - ${eastBucketVersioningV2}\n westToEast:\n type: aws:s3:BucketReplicationConfig\n properties:\n role: ${aws_iam_role.west_replication.arn}\n bucket: ${westBucketV2.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${eastBucketV2.arn}\n storageClass: STANDARD\n options:\n provider: ${aws.west}\n dependson:\n - ${westBucketVersioningV2}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import S3 bucket replication configuration using the `bucket`. For example:\n\n```sh\n $ pulumi import aws:s3/bucketReplicationConfig:BucketReplicationConfig replication bucket-name\n```\n ", + "description": "Provides an independent configuration resource for S3 bucket [replication configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html).\n\n\u003e **NOTE:** S3 Buckets only support a single replication configuration. Declaring multiple `aws.s3.BucketReplicationConfig` resources to the same S3 Bucket will cause a perpetual difference in configuration.\n\n\u003e This resource cannot be used with S3 directory buckets.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using replication configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst central = new aws.Provider(\"central\", {region: \"eu-central-1\"});\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"s3.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst replicationRole = new aws.iam.Role(\"replicationRole\", {assumeRolePolicy: assumeRole.then(assumeRole =\u003e assumeRole.json)});\nconst destinationBucketV2 = new aws.s3.BucketV2(\"destinationBucketV2\", {});\nconst sourceBucketV2 = new aws.s3.BucketV2(\"sourceBucketV2\", {}, {\n provider: aws.central,\n});\nconst replicationPolicyDocument = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n ],\n resources: [sourceBucketV2.arn],\n },\n {\n effect: \"Allow\",\n actions: [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n ],\n resources: [pulumi.interpolate`${sourceBucketV2.arn}/*`],\n },\n {\n effect: \"Allow\",\n actions: [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n ],\n resources: [pulumi.interpolate`${destinationBucketV2.arn}/*`],\n },\n ],\n});\nconst replicationPolicy = new aws.iam.Policy(\"replicationPolicy\", {policy: replicationPolicyDocument.apply(replicationPolicyDocument =\u003e replicationPolicyDocument.json)});\nconst replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"replicationRolePolicyAttachment\", {\n role: replicationRole.name,\n policyArn: replicationPolicy.arn,\n});\nconst destinationBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"destinationBucketVersioningV2\", {\n bucket: destinationBucketV2.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst sourceBucketAcl = new aws.s3.BucketAclV2(\"sourceBucketAcl\", {\n bucket: sourceBucketV2.id,\n acl: \"private\",\n}, {\n provider: aws.central,\n});\nconst sourceBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"sourceBucketVersioningV2\", {\n bucket: sourceBucketV2.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n}, {\n provider: aws.central,\n});\nconst replicationBucketReplicationConfig = new aws.s3.BucketReplicationConfig(\"replicationBucketReplicationConfig\", {\n role: replicationRole.arn,\n bucket: sourceBucketV2.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: destinationBucketV2.arn,\n storageClass: \"STANDARD\",\n },\n }],\n}, {\n provider: aws.central,\n dependsOn: [sourceBucketVersioningV2],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncentral = aws.Provider(\"central\", region=\"eu-central-1\")\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"s3.amazonaws.com\"],\n )],\n actions=[\"sts:AssumeRole\"],\n)])\nreplication_role = aws.iam.Role(\"replicationRole\", assume_role_policy=assume_role.json)\ndestination_bucket_v2 = aws.s3.BucketV2(\"destinationBucketV2\")\nsource_bucket_v2 = aws.s3.BucketV2(\"sourceBucketV2\", opts=pulumi.ResourceOptions(provider=aws[\"central\"]))\nreplication_policy_document = aws.iam.get_policy_document_output(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n ],\n resources=[source_bucket_v2.arn],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n ],\n resources=[source_bucket_v2.arn.apply(lambda arn: f\"{arn}/*\")],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n ],\n resources=[destination_bucket_v2.arn.apply(lambda arn: f\"{arn}/*\")],\n ),\n])\nreplication_policy = aws.iam.Policy(\"replicationPolicy\", policy=replication_policy_document.json)\nreplication_role_policy_attachment = aws.iam.RolePolicyAttachment(\"replicationRolePolicyAttachment\",\n role=replication_role.name,\n policy_arn=replication_policy.arn)\ndestination_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"destinationBucketVersioningV2\",\n bucket=destination_bucket_v2.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\nsource_bucket_acl = aws.s3.BucketAclV2(\"sourceBucketAcl\",\n bucket=source_bucket_v2.id,\n acl=\"private\",\n opts=pulumi.ResourceOptions(provider=aws[\"central\"]))\nsource_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"sourceBucketVersioningV2\",\n bucket=source_bucket_v2.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"central\"]))\nreplication_bucket_replication_config = aws.s3.BucketReplicationConfig(\"replicationBucketReplicationConfig\",\n role=replication_role.arn,\n bucket=source_bucket_v2.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=destination_bucket_v2.arn,\n storage_class=\"STANDARD\",\n ),\n )],\n opts=pulumi.ResourceOptions(provider=aws[\"central\"],\n depends_on=[source_bucket_versioning_v2]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var central = new Aws.Provider(\"central\", new()\n {\n Region = \"eu-central-1\",\n });\n\n var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"s3.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var replicationRole = new Aws.Iam.Role(\"replicationRole\", new()\n {\n AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var destinationBucketV2 = new Aws.S3.BucketV2(\"destinationBucketV2\");\n\n var sourceBucketV2 = new Aws.S3.BucketV2(\"sourceBucketV2\", new()\n {\n }, new CustomResourceOptions\n {\n Provider = aws.Central,\n });\n\n var replicationPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\",\n },\n Resources = new[]\n {\n sourceBucketV2.Arn,\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\",\n },\n Resources = new[]\n {\n $\"{sourceBucketV2.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\",\n },\n Resources = new[]\n {\n $\"{destinationBucketV2.Arn}/*\",\n },\n },\n },\n });\n\n var replicationPolicy = new Aws.Iam.Policy(\"replicationPolicy\", new()\n {\n PolicyDocument = replicationPolicyDocument.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"replicationRolePolicyAttachment\", new()\n {\n Role = replicationRole.Name,\n PolicyArn = replicationPolicy.Arn,\n });\n\n var destinationBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"destinationBucketVersioningV2\", new()\n {\n Bucket = destinationBucketV2.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var sourceBucketAcl = new Aws.S3.BucketAclV2(\"sourceBucketAcl\", new()\n {\n Bucket = sourceBucketV2.Id,\n Acl = \"private\",\n }, new CustomResourceOptions\n {\n Provider = aws.Central,\n });\n\n var sourceBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"sourceBucketVersioningV2\", new()\n {\n Bucket = sourceBucketV2.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Central,\n });\n\n var replicationBucketReplicationConfig = new Aws.S3.BucketReplicationConfig(\"replicationBucketReplicationConfig\", new()\n {\n Role = replicationRole.Arn,\n Bucket = sourceBucketV2.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = destinationBucketV2.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Central,\n DependsOn = new[]\n {\n sourceBucketVersioningV2,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.NewProvider(ctx, \"central\", \u0026aws.ProviderArgs{\n\t\t\tRegion: pulumi.String(\"eu-central-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"s3.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplicationRole, err := iam.NewRole(ctx, \"replicationRole\", \u0026iam.RoleArgs{\n\t\t\tAssumeRolePolicy: *pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestinationBucketV2, err := s3.NewBucketV2(ctx, \"destinationBucketV2\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceBucketV2, err := s3.NewBucketV2(ctx, \"sourceBucketV2\", nil, pulumi.Provider(aws.Central))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplicationPolicyDocument := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetReplicationConfiguration\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ListBucket\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tsourceBucketV2.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionForReplication\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionAcl\"),\n\t\t\t\t\t\tpulumi.String(\"s3:GetObjectVersionTagging\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tsourceBucketV2.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateObject\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateDelete\"),\n\t\t\t\t\t\tpulumi.String(\"s3:ReplicateTags\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tdestinationBucketV2.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\treplicationPolicy, err := iam.NewPolicy(ctx, \"replicationPolicy\", \u0026iam.PolicyArgs{\n\t\t\tPolicy: replicationPolicyDocument.ApplyT(func(replicationPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026replicationPolicyDocument.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"replicationRolePolicyAttachment\", \u0026iam.RolePolicyAttachmentArgs{\n\t\t\tRole: replicationRole.Name,\n\t\t\tPolicyArn: replicationPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketVersioningV2(ctx, \"destinationBucketVersioningV2\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: destinationBucketV2.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"sourceBucketAcl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: sourceBucketV2.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t}, pulumi.Provider(aws.Central))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsourceBucketVersioningV2, err := s3.NewBucketVersioningV2(ctx, \"sourceBucketVersioningV2\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: sourceBucketV2.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Central))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"replicationBucketReplicationConfig\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: replicationRole.Arn,\n\t\t\tBucket: sourceBucketV2.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: destinationBucketV2.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Central), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tsourceBucketVersioningV2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.RolePolicyAttachment;\nimport com.pulumi.aws.iam.RolePolicyAttachmentArgs;\nimport com.pulumi.aws.s3.BucketVersioningV2;\nimport com.pulumi.aws.s3.BucketVersioningV2Args;\nimport com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.aws.s3.BucketReplicationConfig;\nimport com.pulumi.aws.s3.BucketReplicationConfigArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var central = new Provider(\"central\", ProviderArgs.builder() \n .region(\"eu-central-1\")\n .build());\n\n final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"s3.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var replicationRole = new Role(\"replicationRole\", RoleArgs.builder() \n .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var destinationBucketV2 = new BucketV2(\"destinationBucketV2\");\n\n var sourceBucketV2 = new BucketV2(\"sourceBucketV2\", BucketV2Args.Empty, CustomResourceOptions.builder()\n .provider(aws.central())\n .build());\n\n final var replicationPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\")\n .resources(sourceBucketV2.arn())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\")\n .resources(sourceBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\")\n .resources(destinationBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build())\n .build());\n\n var replicationPolicy = new Policy(\"replicationPolicy\", PolicyArgs.builder() \n .policy(replicationPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(replicationPolicyDocument -\u003e replicationPolicyDocument.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var replicationRolePolicyAttachment = new RolePolicyAttachment(\"replicationRolePolicyAttachment\", RolePolicyAttachmentArgs.builder() \n .role(replicationRole.name())\n .policyArn(replicationPolicy.arn())\n .build());\n\n var destinationBucketVersioningV2 = new BucketVersioningV2(\"destinationBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(destinationBucketV2.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var sourceBucketAcl = new BucketAclV2(\"sourceBucketAcl\", BucketAclV2Args.builder() \n .bucket(sourceBucketV2.id())\n .acl(\"private\")\n .build(), CustomResourceOptions.builder()\n .provider(aws.central())\n .build());\n\n var sourceBucketVersioningV2 = new BucketVersioningV2(\"sourceBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(sourceBucketV2.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.central())\n .build());\n\n var replicationBucketReplicationConfig = new BucketReplicationConfig(\"replicationBucketReplicationConfig\", BucketReplicationConfigArgs.builder() \n .role(replicationRole.arn())\n .bucket(sourceBucketV2.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(destinationBucketV2.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.central())\n .dependsOn(sourceBucketVersioningV2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n central:\n type: pulumi:providers:aws\n properties:\n region: eu-central-1\n replicationRole:\n type: aws:iam:Role\n properties:\n assumeRolePolicy: ${assumeRole.json}\n replicationPolicy:\n type: aws:iam:Policy\n properties:\n policy: ${replicationPolicyDocument.json}\n replicationRolePolicyAttachment:\n type: aws:iam:RolePolicyAttachment\n properties:\n role: ${replicationRole.name}\n policyArn: ${replicationPolicy.arn}\n destinationBucketV2:\n type: aws:s3:BucketV2\n destinationBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n properties:\n bucket: ${destinationBucketV2.id}\n versioningConfiguration:\n status: Enabled\n sourceBucketV2:\n type: aws:s3:BucketV2\n options:\n provider: ${aws.central}\n sourceBucketAcl:\n type: aws:s3:BucketAclV2\n properties:\n bucket: ${sourceBucketV2.id}\n acl: private\n options:\n provider: ${aws.central}\n sourceBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n properties:\n bucket: ${sourceBucketV2.id}\n versioningConfiguration:\n status: Enabled\n options:\n provider: ${aws.central}\n replicationBucketReplicationConfig:\n type: aws:s3:BucketReplicationConfig\n properties:\n role: ${replicationRole.arn}\n bucket: ${sourceBucketV2.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${destinationBucketV2.arn}\n storageClass: STANDARD\n options:\n provider: ${aws.central}\n dependson:\n - ${sourceBucketVersioningV2}\nvariables:\n assumeRole:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - s3.amazonaws.com\n actions:\n - sts:AssumeRole\n replicationPolicyDocument:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - effect: Allow\n actions:\n - s3:GetReplicationConfiguration\n - s3:ListBucket\n resources:\n - ${sourceBucketV2.arn}\n - effect: Allow\n actions:\n - s3:GetObjectVersionForReplication\n - s3:GetObjectVersionAcl\n - s3:GetObjectVersionTagging\n resources:\n - ${sourceBucketV2.arn}/*\n - effect: Allow\n actions:\n - s3:ReplicateObject\n - s3:ReplicateDelete\n - s3:ReplicateTags\n resources:\n - ${destinationBucketV2.arn}/*\n```\n{{% /example %}}\n{{% example %}}\n### Bi-Directional Replication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst eastBucketV2 = new aws.s3.BucketV2(\"eastBucketV2\", {});\nconst eastBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"eastBucketVersioningV2\", {\n bucket: eastBucketV2.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n});\nconst westBucketV2 = new aws.s3.BucketV2(\"westBucketV2\", {}, {\n provider: aws.west,\n});\nconst westBucketVersioningV2 = new aws.s3.BucketVersioningV2(\"westBucketVersioningV2\", {\n bucket: westBucketV2.id,\n versioningConfiguration: {\n status: \"Enabled\",\n },\n}, {\n provider: aws.west,\n});\nconst eastToWest = new aws.s3.BucketReplicationConfig(\"eastToWest\", {\n role: aws_iam_role.east_replication.arn,\n bucket: eastBucketV2.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: westBucketV2.arn,\n storageClass: \"STANDARD\",\n },\n }],\n}, {\n dependsOn: [eastBucketVersioningV2],\n});\nconst westToEast = new aws.s3.BucketReplicationConfig(\"westToEast\", {\n role: aws_iam_role.west_replication.arn,\n bucket: westBucketV2.id,\n rules: [{\n id: \"foobar\",\n filter: {\n prefix: \"foo\",\n },\n status: \"Enabled\",\n destination: {\n bucket: eastBucketV2.arn,\n storageClass: \"STANDARD\",\n },\n }],\n}, {\n provider: aws.west,\n dependsOn: [westBucketVersioningV2],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\neast_bucket_v2 = aws.s3.BucketV2(\"eastBucketV2\")\neast_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"eastBucketVersioningV2\",\n bucket=east_bucket_v2.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ))\nwest_bucket_v2 = aws.s3.BucketV2(\"westBucketV2\", opts=pulumi.ResourceOptions(provider=aws[\"west\"]))\nwest_bucket_versioning_v2 = aws.s3.BucketVersioningV2(\"westBucketVersioningV2\",\n bucket=west_bucket_v2.id,\n versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(\n status=\"Enabled\",\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"west\"]))\neast_to_west = aws.s3.BucketReplicationConfig(\"eastToWest\",\n role=aws_iam_role[\"east_replication\"][\"arn\"],\n bucket=east_bucket_v2.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=west_bucket_v2.arn,\n storage_class=\"STANDARD\",\n ),\n )],\n opts=pulumi.ResourceOptions(depends_on=[east_bucket_versioning_v2]))\nwest_to_east = aws.s3.BucketReplicationConfig(\"westToEast\",\n role=aws_iam_role[\"west_replication\"][\"arn\"],\n bucket=west_bucket_v2.id,\n rules=[aws.s3.BucketReplicationConfigRuleArgs(\n id=\"foobar\",\n filter=aws.s3.BucketReplicationConfigRuleFilterArgs(\n prefix=\"foo\",\n ),\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(\n bucket=east_bucket_v2.arn,\n storage_class=\"STANDARD\",\n ),\n )],\n opts=pulumi.ResourceOptions(provider=aws[\"west\"],\n depends_on=[west_bucket_versioning_v2]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var eastBucketV2 = new Aws.S3.BucketV2(\"eastBucketV2\");\n\n var eastBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"eastBucketVersioningV2\", new()\n {\n Bucket = eastBucketV2.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n });\n\n var westBucketV2 = new Aws.S3.BucketV2(\"westBucketV2\", new()\n {\n }, new CustomResourceOptions\n {\n Provider = aws.West,\n });\n\n var westBucketVersioningV2 = new Aws.S3.BucketVersioningV2(\"westBucketVersioningV2\", new()\n {\n Bucket = westBucketV2.Id,\n VersioningConfiguration = new Aws.S3.Inputs.BucketVersioningV2VersioningConfigurationArgs\n {\n Status = \"Enabled\",\n },\n }, new CustomResourceOptions\n {\n Provider = aws.West,\n });\n\n var eastToWest = new Aws.S3.BucketReplicationConfig(\"eastToWest\", new()\n {\n Role = aws_iam_role.East_replication.Arn,\n Bucket = eastBucketV2.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = westBucketV2.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n eastBucketVersioningV2,\n },\n });\n\n var westToEast = new Aws.S3.BucketReplicationConfig(\"westToEast\", new()\n {\n Role = aws_iam_role.West_replication.Arn,\n Bucket = westBucketV2.Id,\n Rules = new[]\n {\n new Aws.S3.Inputs.BucketReplicationConfigRuleArgs\n {\n Id = \"foobar\",\n Filter = new Aws.S3.Inputs.BucketReplicationConfigRuleFilterArgs\n {\n Prefix = \"foo\",\n },\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigRuleDestinationArgs\n {\n Bucket = eastBucketV2.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.West,\n DependsOn = new[]\n {\n westBucketVersioningV2,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\teastBucketV2, err := s3.NewBucketV2(ctx, \"eastBucketV2\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\teastBucketVersioningV2, err := s3.NewBucketVersioningV2(ctx, \"eastBucketVersioningV2\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: eastBucketV2.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twestBucketV2, err := s3.NewBucketV2(ctx, \"westBucketV2\", nil, pulumi.Provider(aws.West))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twestBucketVersioningV2, err := s3.NewBucketVersioningV2(ctx, \"westBucketVersioningV2\", \u0026s3.BucketVersioningV2Args{\n\t\t\tBucket: westBucketV2.ID(),\n\t\t\tVersioningConfiguration: \u0026s3.BucketVersioningV2VersioningConfigurationArgs{\n\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.West))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"eastToWest\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: pulumi.Any(aws_iam_role.East_replication.Arn),\n\t\t\tBucket: eastBucketV2.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: westBucketV2.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\teastBucketVersioningV2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketReplicationConfig(ctx, \"westToEast\", \u0026s3.BucketReplicationConfigArgs{\n\t\t\tRole: pulumi.Any(aws_iam_role.West_replication.Arn),\n\t\t\tBucket: westBucketV2.ID(),\n\t\t\tRules: s3.BucketReplicationConfigRuleArray{\n\t\t\t\t\u0026s3.BucketReplicationConfigRuleArgs{\n\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\tFilter: \u0026s3.BucketReplicationConfigRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t},\n\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\tDestination: \u0026s3.BucketReplicationConfigRuleDestinationArgs{\n\t\t\t\t\t\tBucket: eastBucketV2.Arn,\n\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.Provider(aws.West), pulumi.DependsOn([]pulumi.Resource{\n\t\t\twestBucketVersioningV2,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketVersioningV2;\nimport com.pulumi.aws.s3.BucketVersioningV2Args;\nimport com.pulumi.aws.s3.inputs.BucketVersioningV2VersioningConfigurationArgs;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.s3.BucketReplicationConfig;\nimport com.pulumi.aws.s3.BucketReplicationConfigArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleFilterArgs;\nimport com.pulumi.aws.s3.inputs.BucketReplicationConfigRuleDestinationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var eastBucketV2 = new BucketV2(\"eastBucketV2\");\n\n var eastBucketVersioningV2 = new BucketVersioningV2(\"eastBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(eastBucketV2.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build());\n\n var westBucketV2 = new BucketV2(\"westBucketV2\", BucketV2Args.Empty, CustomResourceOptions.builder()\n .provider(aws.west())\n .build());\n\n var westBucketVersioningV2 = new BucketVersioningV2(\"westBucketVersioningV2\", BucketVersioningV2Args.builder() \n .bucket(westBucketV2.id())\n .versioningConfiguration(BucketVersioningV2VersioningConfigurationArgs.builder()\n .status(\"Enabled\")\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.west())\n .build());\n\n var eastToWest = new BucketReplicationConfig(\"eastToWest\", BucketReplicationConfigArgs.builder() \n .role(aws_iam_role.east_replication().arn())\n .bucket(eastBucketV2.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(westBucketV2.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(eastBucketVersioningV2)\n .build());\n\n var westToEast = new BucketReplicationConfig(\"westToEast\", BucketReplicationConfigArgs.builder() \n .role(aws_iam_role.west_replication().arn())\n .bucket(westBucketV2.id())\n .rules(BucketReplicationConfigRuleArgs.builder()\n .id(\"foobar\")\n .filter(BucketReplicationConfigRuleFilterArgs.builder()\n .prefix(\"foo\")\n .build())\n .status(\"Enabled\")\n .destination(BucketReplicationConfigRuleDestinationArgs.builder()\n .bucket(eastBucketV2.arn())\n .storageClass(\"STANDARD\")\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .provider(aws.west())\n .dependsOn(westBucketVersioningV2)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ... other configuration ...\n eastBucketV2:\n type: aws:s3:BucketV2\n eastBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n properties:\n bucket: ${eastBucketV2.id}\n versioningConfiguration:\n status: Enabled\n westBucketV2:\n type: aws:s3:BucketV2\n options:\n provider: ${aws.west}\n westBucketVersioningV2:\n type: aws:s3:BucketVersioningV2\n properties:\n bucket: ${westBucketV2.id}\n versioningConfiguration:\n status: Enabled\n options:\n provider: ${aws.west}\n eastToWest:\n type: aws:s3:BucketReplicationConfig\n properties:\n role: ${aws_iam_role.east_replication.arn}\n bucket: ${eastBucketV2.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${westBucketV2.arn}\n storageClass: STANDARD\n options:\n dependson:\n - ${eastBucketVersioningV2}\n westToEast:\n type: aws:s3:BucketReplicationConfig\n properties:\n role: ${aws_iam_role.west_replication.arn}\n bucket: ${westBucketV2.id}\n rules:\n - id: foobar\n filter:\n prefix: foo\n status: Enabled\n destination:\n bucket: ${eastBucketV2.arn}\n storageClass: STANDARD\n options:\n provider: ${aws.west}\n dependson:\n - ${westBucketVersioningV2}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import S3 bucket replication configuration using the `bucket`. For example:\n\n```sh\n $ pulumi import aws:s3/bucketReplicationConfig:BucketReplicationConfig replication bucket-name\n```\n ", "properties": { "bucket": { "type": "string", @@ -321528,7 +321528,7 @@ } }, "aws:securityhub/organizationAdminAccount:OrganizationAdminAccount": { - "description": "Manages a Security Hub administrator account for an organization. The AWS account utilizing this resource must be an Organizations primary account. More information about Organizations support in Security Hub can be found in the [Security Hub User Guide](https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleOrganization = new aws.organizations.Organization(\"exampleOrganization\", {\n awsServiceAccessPrincipals: [\"securityhub.amazonaws.com\"],\n featureSet: \"ALL\",\n});\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleOrganizationAdminAccount = new aws.securityhub.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", {adminAccountId: \"123456789012\"}, {\n dependsOn: [exampleOrganization],\n});\n// Auto enable security hub in organization member accounts\nconst exampleOrganizationConfiguration = new aws.securityhub.OrganizationConfiguration(\"exampleOrganizationConfiguration\", {autoEnable: true});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_organization = aws.organizations.Organization(\"exampleOrganization\",\n aws_service_access_principals=[\"securityhub.amazonaws.com\"],\n feature_set=\"ALL\")\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_organization_admin_account = aws.securityhub.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", admin_account_id=\"123456789012\",\nopts=pulumi.ResourceOptions(depends_on=[example_organization]))\n# Auto enable security hub in organization member accounts\nexample_organization_configuration = aws.securityhub.OrganizationConfiguration(\"exampleOrganizationConfiguration\", auto_enable=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleOrganization = new Aws.Organizations.Organization(\"exampleOrganization\", new()\n {\n AwsServiceAccessPrincipals = new[]\n {\n \"securityhub.amazonaws.com\",\n },\n FeatureSet = \"ALL\",\n });\n\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\");\n\n var exampleOrganizationAdminAccount = new Aws.SecurityHub.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", new()\n {\n AdminAccountId = \"123456789012\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleOrganization,\n },\n });\n\n // Auto enable security hub in organization member accounts\n var exampleOrganizationConfiguration = new Aws.SecurityHub.OrganizationConfiguration(\"exampleOrganizationConfiguration\", new()\n {\n AutoEnable = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleOrganization, err := organizations.NewOrganization(ctx, \"exampleOrganization\", \u0026organizations.OrganizationArgs{\n\t\t\tAwsServiceAccessPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"securityhub.amazonaws.com\"),\n\t\t\t},\n\t\t\tFeatureSet: pulumi.String(\"ALL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewOrganizationAdminAccount(ctx, \"exampleOrganizationAdminAccount\", \u0026securityhub.OrganizationAdminAccountArgs{\n\t\t\tAdminAccountId: pulumi.String(\"123456789012\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleOrganization,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewOrganizationConfiguration(ctx, \"exampleOrganizationConfiguration\", \u0026securityhub.OrganizationConfigurationArgs{\n\t\t\tAutoEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.organizations.Organization;\nimport com.pulumi.aws.organizations.OrganizationArgs;\nimport com.pulumi.aws.securityhub.Account;\nimport com.pulumi.aws.securityhub.OrganizationAdminAccount;\nimport com.pulumi.aws.securityhub.OrganizationAdminAccountArgs;\nimport com.pulumi.aws.securityhub.OrganizationConfiguration;\nimport com.pulumi.aws.securityhub.OrganizationConfigurationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleOrganization = new Organization(\"exampleOrganization\", OrganizationArgs.builder() \n .awsServiceAccessPrincipals(\"securityhub.amazonaws.com\")\n .featureSet(\"ALL\")\n .build());\n\n var exampleAccount = new Account(\"exampleAccount\");\n\n var exampleOrganizationAdminAccount = new OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", OrganizationAdminAccountArgs.builder() \n .adminAccountId(\"123456789012\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleOrganization)\n .build());\n\n var exampleOrganizationConfiguration = new OrganizationConfiguration(\"exampleOrganizationConfiguration\", OrganizationConfigurationArgs.builder() \n .autoEnable(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleOrganization:\n type: aws:organizations:Organization\n properties:\n awsServiceAccessPrincipals:\n - securityhub.amazonaws.com\n featureSet: ALL\n exampleAccount:\n type: aws:securityhub:Account\n exampleOrganizationAdminAccount:\n type: aws:securityhub:OrganizationAdminAccount\n properties:\n adminAccountId: '123456789012'\n options:\n dependson:\n - ${exampleOrganization}\n # Auto enable security hub in organization member accounts\n exampleOrganizationConfiguration:\n type: aws:securityhub:OrganizationConfiguration\n properties:\n autoEnable: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Security Hub Organization Admin Accounts using the AWS account ID. For example:\n\n```sh\n $ pulumi import aws:securityhub/organizationAdminAccount:OrganizationAdminAccount example 123456789012\n```\n ", + "description": "Manages a Security Hub administrator account for an organization. The AWS account utilizing this resource must be an Organizations primary account. More information about Organizations support in Security Hub can be found in the [Security Hub User Guide](https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleOrganization = new aws.organizations.Organization(\"exampleOrganization\", {\n awsServiceAccessPrincipals: [\"securityhub.amazonaws.com\"],\n featureSet: \"ALL\",\n});\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleOrganizationAdminAccount = new aws.securityhub.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", {adminAccountId: \"123456789012\"}, {\n dependsOn: [exampleOrganization],\n});\n// Auto enable security hub in organization member accounts\nconst exampleOrganizationConfiguration = new aws.securityhub.OrganizationConfiguration(\"exampleOrganizationConfiguration\", {autoEnable: true});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_organization = aws.organizations.Organization(\"exampleOrganization\",\n aws_service_access_principals=[\"securityhub.amazonaws.com\"],\n feature_set=\"ALL\")\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_organization_admin_account = aws.securityhub.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", admin_account_id=\"123456789012\",\nopts=pulumi.ResourceOptions(depends_on=[example_organization]))\n# Auto enable security hub in organization member accounts\nexample_organization_configuration = aws.securityhub.OrganizationConfiguration(\"exampleOrganizationConfiguration\", auto_enable=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleOrganization = new Aws.Organizations.Organization(\"exampleOrganization\", new()\n {\n AwsServiceAccessPrincipals = new[]\n {\n \"securityhub.amazonaws.com\",\n },\n FeatureSet = \"ALL\",\n });\n\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\");\n\n var exampleOrganizationAdminAccount = new Aws.SecurityHub.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", new()\n {\n AdminAccountId = \"123456789012\",\n }, new CustomResourceOptions\n {\n DependsOn = new[]\n {\n exampleOrganization,\n },\n });\n\n // Auto enable security hub in organization member accounts\n var exampleOrganizationConfiguration = new Aws.SecurityHub.OrganizationConfiguration(\"exampleOrganizationConfiguration\", new()\n {\n AutoEnable = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleOrganization, err := organizations.NewOrganization(ctx, \"exampleOrganization\", \u0026organizations.OrganizationArgs{\n\t\t\tAwsServiceAccessPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"securityhub.amazonaws.com\"),\n\t\t\t},\n\t\t\tFeatureSet: pulumi.String(\"ALL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewOrganizationAdminAccount(ctx, \"exampleOrganizationAdminAccount\", \u0026securityhub.OrganizationAdminAccountArgs{\n\t\t\tAdminAccountId: pulumi.String(\"123456789012\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleOrganization,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Auto enable security hub in organization member accounts\n\t\t_, err = securityhub.NewOrganizationConfiguration(ctx, \"exampleOrganizationConfiguration\", \u0026securityhub.OrganizationConfigurationArgs{\n\t\t\tAutoEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.organizations.Organization;\nimport com.pulumi.aws.organizations.OrganizationArgs;\nimport com.pulumi.aws.securityhub.Account;\nimport com.pulumi.aws.securityhub.OrganizationAdminAccount;\nimport com.pulumi.aws.securityhub.OrganizationAdminAccountArgs;\nimport com.pulumi.aws.securityhub.OrganizationConfiguration;\nimport com.pulumi.aws.securityhub.OrganizationConfigurationArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleOrganization = new Organization(\"exampleOrganization\", OrganizationArgs.builder() \n .awsServiceAccessPrincipals(\"securityhub.amazonaws.com\")\n .featureSet(\"ALL\")\n .build());\n\n var exampleAccount = new Account(\"exampleAccount\");\n\n var exampleOrganizationAdminAccount = new OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", OrganizationAdminAccountArgs.builder() \n .adminAccountId(\"123456789012\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleOrganization)\n .build());\n\n var exampleOrganizationConfiguration = new OrganizationConfiguration(\"exampleOrganizationConfiguration\", OrganizationConfigurationArgs.builder() \n .autoEnable(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleOrganization:\n type: aws:organizations:Organization\n properties:\n awsServiceAccessPrincipals:\n - securityhub.amazonaws.com\n featureSet: ALL\n exampleAccount:\n type: aws:securityhub:Account\n exampleOrganizationAdminAccount:\n type: aws:securityhub:OrganizationAdminAccount\n properties:\n adminAccountId: '123456789012'\n options:\n dependson:\n - ${exampleOrganization}\n # Auto enable security hub in organization member accounts\n exampleOrganizationConfiguration:\n type: aws:securityhub:OrganizationConfiguration\n properties:\n autoEnable: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import Security Hub Organization Admin Accounts using the AWS account ID. For example:\n\n```sh\n $ pulumi import aws:securityhub/organizationAdminAccount:OrganizationAdminAccount example 123456789012\n```\n ", "properties": { "adminAccountId": { "type": "string", @@ -325211,7 +325211,7 @@ } }, "aws:ses/mailFrom:MailFrom": { - "description": "Provides an SES domain MAIL FROM resource.\n\n\u003e **NOTE:** For the MAIL FROM domain to be fully usable, this resource should be paired with the aws.ses.DomainIdentity resource. To validate the MAIL FROM domain, a DNS MX record is required. To pass SPF checks, a DNS TXT record may also be required. See the [Amazon SES MAIL FROM documentation](https://docs.aws.amazon.com/ses/latest/dg/mail-from.html) for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Domain Identity MAIL FROM\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example SES Domain Identity\nconst exampleDomainIdentity = new aws.ses.DomainIdentity(\"exampleDomainIdentity\", {domain: \"example.com\"});\nconst exampleMailFrom = new aws.ses.MailFrom(\"exampleMailFrom\", {\n domain: exampleDomainIdentity.domain,\n mailFromDomain: pulumi.interpolate`bounce.${exampleDomainIdentity.domain}`,\n});\n// Example Route53 MX record\nconst exampleSesDomainMailFromMx = new aws.route53.Record(\"exampleSesDomainMailFromMx\", {\n zoneId: aws_route53_zone.example.id,\n name: exampleMailFrom.mailFromDomain,\n type: \"MX\",\n ttl: 600,\n records: [\"10 feedback-smtp.us-east-1.amazonses.com\"],\n});\n// Change to the region in which `aws_ses_domain_identity.example` is created\n// Example Route53 TXT record for SPF\nconst exampleSesDomainMailFromTxt = new aws.route53.Record(\"exampleSesDomainMailFromTxt\", {\n zoneId: aws_route53_zone.example.id,\n name: exampleMailFrom.mailFromDomain,\n type: \"TXT\",\n ttl: 600,\n records: [\"v=spf1 include:amazonses.com -all\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example SES Domain Identity\nexample_domain_identity = aws.ses.DomainIdentity(\"exampleDomainIdentity\", domain=\"example.com\")\nexample_mail_from = aws.ses.MailFrom(\"exampleMailFrom\",\n domain=example_domain_identity.domain,\n mail_from_domain=example_domain_identity.domain.apply(lambda domain: f\"bounce.{domain}\"))\n# Example Route53 MX record\nexample_ses_domain_mail_from_mx = aws.route53.Record(\"exampleSesDomainMailFromMx\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n name=example_mail_from.mail_from_domain,\n type=\"MX\",\n ttl=600,\n records=[\"10 feedback-smtp.us-east-1.amazonses.com\"])\n# Change to the region in which `aws_ses_domain_identity.example` is created\n# Example Route53 TXT record for SPF\nexample_ses_domain_mail_from_txt = aws.route53.Record(\"exampleSesDomainMailFromTxt\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n name=example_mail_from.mail_from_domain,\n type=\"TXT\",\n ttl=600,\n records=[\"v=spf1 include:amazonses.com -all\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example SES Domain Identity\n var exampleDomainIdentity = new Aws.Ses.DomainIdentity(\"exampleDomainIdentity\", new()\n {\n Domain = \"example.com\",\n });\n\n var exampleMailFrom = new Aws.Ses.MailFrom(\"exampleMailFrom\", new()\n {\n Domain = exampleDomainIdentity.Domain,\n MailFromDomain = exampleDomainIdentity.Domain.Apply(domain =\u003e $\"bounce.{domain}\"),\n });\n\n // Example Route53 MX record\n var exampleSesDomainMailFromMx = new Aws.Route53.Record(\"exampleSesDomainMailFromMx\", new()\n {\n ZoneId = aws_route53_zone.Example.Id,\n Name = exampleMailFrom.MailFromDomain,\n Type = \"MX\",\n Ttl = 600,\n Records = new[]\n {\n \"10 feedback-smtp.us-east-1.amazonses.com\",\n },\n });\n\n // Change to the region in which `aws_ses_domain_identity.example` is created\n // Example Route53 TXT record for SPF\n var exampleSesDomainMailFromTxt = new Aws.Route53.Record(\"exampleSesDomainMailFromTxt\", new()\n {\n ZoneId = aws_route53_zone.Example.Id,\n Name = exampleMailFrom.MailFromDomain,\n Type = \"TXT\",\n Ttl = 600,\n Records = new[]\n {\n \"v=spf1 include:amazonses.com -all\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomainIdentity, err := ses.NewDomainIdentity(ctx, \"exampleDomainIdentity\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMailFrom, err := ses.NewMailFrom(ctx, \"exampleMailFrom\", \u0026ses.MailFromArgs{\n\t\t\tDomain: exampleDomainIdentity.Domain,\n\t\t\tMailFromDomain: exampleDomainIdentity.Domain.ApplyT(func(domain string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"bounce.%v\", domain), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"exampleSesDomainMailFromMx\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tName: exampleMailFrom.MailFromDomain,\n\t\t\tType: pulumi.String(\"MX\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10 feedback-smtp.us-east-1.amazonses.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"exampleSesDomainMailFromTxt\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tName: exampleMailFrom.MailFromDomain,\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"v=spf1 include:amazonses.com -all\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.ses.MailFrom;\nimport com.pulumi.aws.ses.MailFromArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainIdentity = new DomainIdentity(\"exampleDomainIdentity\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n var exampleMailFrom = new MailFrom(\"exampleMailFrom\", MailFromArgs.builder() \n .domain(exampleDomainIdentity.domain())\n .mailFromDomain(exampleDomainIdentity.domain().applyValue(domain -\u003e String.format(\"bounce.%s\", domain)))\n .build());\n\n var exampleSesDomainMailFromMx = new Record(\"exampleSesDomainMailFromMx\", RecordArgs.builder() \n .zoneId(aws_route53_zone.example().id())\n .name(exampleMailFrom.mailFromDomain())\n .type(\"MX\")\n .ttl(\"600\")\n .records(\"10 feedback-smtp.us-east-1.amazonses.com\")\n .build());\n\n var exampleSesDomainMailFromTxt = new Record(\"exampleSesDomainMailFromTxt\", RecordArgs.builder() \n .zoneId(aws_route53_zone.example().id())\n .name(exampleMailFrom.mailFromDomain())\n .type(\"TXT\")\n .ttl(\"600\")\n .records(\"v=spf1 include:amazonses.com -all\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleMailFrom:\n type: aws:ses:MailFrom\n properties:\n domain: ${exampleDomainIdentity.domain}\n mailFromDomain: bounce.${exampleDomainIdentity.domain}\n # Example SES Domain Identity\n exampleDomainIdentity:\n type: aws:ses:DomainIdentity\n properties:\n domain: example.com\n # Example Route53 MX record\n exampleSesDomainMailFromMx:\n type: aws:route53:Record\n properties:\n zoneId: ${aws_route53_zone.example.id}\n name: ${exampleMailFrom.mailFromDomain}\n type: MX\n ttl: '600'\n records:\n - 10 feedback-smtp.us-east-1.amazonses.com\n # Example Route53 TXT record for SPF\n exampleSesDomainMailFromTxt:\n type: aws:route53:Record\n properties:\n zoneId: ${aws_route53_zone.example.id}\n name: ${exampleMailFrom.mailFromDomain}\n type: TXT\n ttl: '600'\n records:\n - v=spf1 include:amazonses.com -all\n```\n{{% /example %}}\n{{% example %}}\n### Email Identity MAIL FROM\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example SES Email Identity\nconst exampleEmailIdentity = new aws.ses.EmailIdentity(\"exampleEmailIdentity\", {email: \"user@example.com\"});\nconst exampleMailFrom = new aws.ses.MailFrom(\"exampleMailFrom\", {\n domain: exampleEmailIdentity.email,\n mailFromDomain: \"mail.example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example SES Email Identity\nexample_email_identity = aws.ses.EmailIdentity(\"exampleEmailIdentity\", email=\"user@example.com\")\nexample_mail_from = aws.ses.MailFrom(\"exampleMailFrom\",\n domain=example_email_identity.email,\n mail_from_domain=\"mail.example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example SES Email Identity\n var exampleEmailIdentity = new Aws.Ses.EmailIdentity(\"exampleEmailIdentity\", new()\n {\n Email = \"user@example.com\",\n });\n\n var exampleMailFrom = new Aws.Ses.MailFrom(\"exampleMailFrom\", new()\n {\n Domain = exampleEmailIdentity.Email,\n MailFromDomain = \"mail.example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEmailIdentity, err := ses.NewEmailIdentity(ctx, \"exampleEmailIdentity\", \u0026ses.EmailIdentityArgs{\n\t\t\tEmail: pulumi.String(\"user@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewMailFrom(ctx, \"exampleMailFrom\", \u0026ses.MailFromArgs{\n\t\t\tDomain: exampleEmailIdentity.Email,\n\t\t\tMailFromDomain: pulumi.String(\"mail.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.EmailIdentity;\nimport com.pulumi.aws.ses.EmailIdentityArgs;\nimport com.pulumi.aws.ses.MailFrom;\nimport com.pulumi.aws.ses.MailFromArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEmailIdentity = new EmailIdentity(\"exampleEmailIdentity\", EmailIdentityArgs.builder() \n .email(\"user@example.com\")\n .build());\n\n var exampleMailFrom = new MailFrom(\"exampleMailFrom\", MailFromArgs.builder() \n .domain(exampleEmailIdentity.email())\n .mailFromDomain(\"mail.example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Example SES Email Identity\n exampleEmailIdentity:\n type: aws:ses:EmailIdentity\n properties:\n email: user@example.com\n exampleMailFrom:\n type: aws:ses:MailFrom\n properties:\n domain: ${exampleEmailIdentity.email}\n mailFromDomain: mail.example.com\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import MAIL FROM domain using the `domain` attribute. For example:\n\n```sh\n $ pulumi import aws:ses/mailFrom:MailFrom example example.com\n```\n ", + "description": "Provides an SES domain MAIL FROM resource.\n\n\u003e **NOTE:** For the MAIL FROM domain to be fully usable, this resource should be paired with the aws.ses.DomainIdentity resource. To validate the MAIL FROM domain, a DNS MX record is required. To pass SPF checks, a DNS TXT record may also be required. See the [Amazon SES MAIL FROM documentation](https://docs.aws.amazon.com/ses/latest/dg/mail-from.html) for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Domain Identity MAIL FROM\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example SES Domain Identity\nconst exampleDomainIdentity = new aws.ses.DomainIdentity(\"exampleDomainIdentity\", {domain: \"example.com\"});\nconst exampleMailFrom = new aws.ses.MailFrom(\"exampleMailFrom\", {\n domain: exampleDomainIdentity.domain,\n mailFromDomain: pulumi.interpolate`bounce.${exampleDomainIdentity.domain}`,\n});\n// Example Route53 MX record\nconst exampleSesDomainMailFromMx = new aws.route53.Record(\"exampleSesDomainMailFromMx\", {\n zoneId: aws_route53_zone.example.id,\n name: exampleMailFrom.mailFromDomain,\n type: \"MX\",\n ttl: 600,\n records: [\"10 feedback-smtp.us-east-1.amazonses.com\"],\n});\n// Change to the region in which `aws_ses_domain_identity.example` is created\n// Example Route53 TXT record for SPF\nconst exampleSesDomainMailFromTxt = new aws.route53.Record(\"exampleSesDomainMailFromTxt\", {\n zoneId: aws_route53_zone.example.id,\n name: exampleMailFrom.mailFromDomain,\n type: \"TXT\",\n ttl: 600,\n records: [\"v=spf1 include:amazonses.com -all\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example SES Domain Identity\nexample_domain_identity = aws.ses.DomainIdentity(\"exampleDomainIdentity\", domain=\"example.com\")\nexample_mail_from = aws.ses.MailFrom(\"exampleMailFrom\",\n domain=example_domain_identity.domain,\n mail_from_domain=example_domain_identity.domain.apply(lambda domain: f\"bounce.{domain}\"))\n# Example Route53 MX record\nexample_ses_domain_mail_from_mx = aws.route53.Record(\"exampleSesDomainMailFromMx\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n name=example_mail_from.mail_from_domain,\n type=\"MX\",\n ttl=600,\n records=[\"10 feedback-smtp.us-east-1.amazonses.com\"])\n# Change to the region in which `aws_ses_domain_identity.example` is created\n# Example Route53 TXT record for SPF\nexample_ses_domain_mail_from_txt = aws.route53.Record(\"exampleSesDomainMailFromTxt\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n name=example_mail_from.mail_from_domain,\n type=\"TXT\",\n ttl=600,\n records=[\"v=spf1 include:amazonses.com -all\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example SES Domain Identity\n var exampleDomainIdentity = new Aws.Ses.DomainIdentity(\"exampleDomainIdentity\", new()\n {\n Domain = \"example.com\",\n });\n\n var exampleMailFrom = new Aws.Ses.MailFrom(\"exampleMailFrom\", new()\n {\n Domain = exampleDomainIdentity.Domain,\n MailFromDomain = exampleDomainIdentity.Domain.Apply(domain =\u003e $\"bounce.{domain}\"),\n });\n\n // Example Route53 MX record\n var exampleSesDomainMailFromMx = new Aws.Route53.Record(\"exampleSesDomainMailFromMx\", new()\n {\n ZoneId = aws_route53_zone.Example.Id,\n Name = exampleMailFrom.MailFromDomain,\n Type = \"MX\",\n Ttl = 600,\n Records = new[]\n {\n \"10 feedback-smtp.us-east-1.amazonses.com\",\n },\n });\n\n // Change to the region in which `aws_ses_domain_identity.example` is created\n // Example Route53 TXT record for SPF\n var exampleSesDomainMailFromTxt = new Aws.Route53.Record(\"exampleSesDomainMailFromTxt\", new()\n {\n ZoneId = aws_route53_zone.Example.Id,\n Name = exampleMailFrom.MailFromDomain,\n Type = \"TXT\",\n Ttl = 600,\n Records = new[]\n {\n \"v=spf1 include:amazonses.com -all\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example SES Domain Identity\n\t\texampleDomainIdentity, err := ses.NewDomainIdentity(ctx, \"exampleDomainIdentity\", \u0026ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMailFrom, err := ses.NewMailFrom(ctx, \"exampleMailFrom\", \u0026ses.MailFromArgs{\n\t\t\tDomain: exampleDomainIdentity.Domain,\n\t\t\tMailFromDomain: exampleDomainIdentity.Domain.ApplyT(func(domain string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"bounce.%v\", domain), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example Route53 MX record\n\t\t_, err = route53.NewRecord(ctx, \"exampleSesDomainMailFromMx\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tName: exampleMailFrom.MailFromDomain,\n\t\t\tType: pulumi.String(\"MX\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10 feedback-smtp.us-east-1.amazonses.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example Route53 TXT record for SPF\n\t\t_, err = route53.NewRecord(ctx, \"exampleSesDomainMailFromTxt\", \u0026route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tName: exampleMailFrom.MailFromDomain,\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"v=spf1 include:amazonses.com -all\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.DomainIdentity;\nimport com.pulumi.aws.ses.DomainIdentityArgs;\nimport com.pulumi.aws.ses.MailFrom;\nimport com.pulumi.aws.ses.MailFromArgs;\nimport com.pulumi.aws.route53.Record;\nimport com.pulumi.aws.route53.RecordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleDomainIdentity = new DomainIdentity(\"exampleDomainIdentity\", DomainIdentityArgs.builder() \n .domain(\"example.com\")\n .build());\n\n var exampleMailFrom = new MailFrom(\"exampleMailFrom\", MailFromArgs.builder() \n .domain(exampleDomainIdentity.domain())\n .mailFromDomain(exampleDomainIdentity.domain().applyValue(domain -\u003e String.format(\"bounce.%s\", domain)))\n .build());\n\n var exampleSesDomainMailFromMx = new Record(\"exampleSesDomainMailFromMx\", RecordArgs.builder() \n .zoneId(aws_route53_zone.example().id())\n .name(exampleMailFrom.mailFromDomain())\n .type(\"MX\")\n .ttl(\"600\")\n .records(\"10 feedback-smtp.us-east-1.amazonses.com\")\n .build());\n\n var exampleSesDomainMailFromTxt = new Record(\"exampleSesDomainMailFromTxt\", RecordArgs.builder() \n .zoneId(aws_route53_zone.example().id())\n .name(exampleMailFrom.mailFromDomain())\n .type(\"TXT\")\n .ttl(\"600\")\n .records(\"v=spf1 include:amazonses.com -all\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleMailFrom:\n type: aws:ses:MailFrom\n properties:\n domain: ${exampleDomainIdentity.domain}\n mailFromDomain: bounce.${exampleDomainIdentity.domain}\n # Example SES Domain Identity\n exampleDomainIdentity:\n type: aws:ses:DomainIdentity\n properties:\n domain: example.com\n # Example Route53 MX record\n exampleSesDomainMailFromMx:\n type: aws:route53:Record\n properties:\n zoneId: ${aws_route53_zone.example.id}\n name: ${exampleMailFrom.mailFromDomain}\n type: MX\n ttl: '600'\n records:\n - 10 feedback-smtp.us-east-1.amazonses.com\n # Example Route53 TXT record for SPF\n exampleSesDomainMailFromTxt:\n type: aws:route53:Record\n properties:\n zoneId: ${aws_route53_zone.example.id}\n name: ${exampleMailFrom.mailFromDomain}\n type: TXT\n ttl: '600'\n records:\n - v=spf1 include:amazonses.com -all\n```\n{{% /example %}}\n{{% example %}}\n### Email Identity MAIL FROM\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example SES Email Identity\nconst exampleEmailIdentity = new aws.ses.EmailIdentity(\"exampleEmailIdentity\", {email: \"user@example.com\"});\nconst exampleMailFrom = new aws.ses.MailFrom(\"exampleMailFrom\", {\n domain: exampleEmailIdentity.email,\n mailFromDomain: \"mail.example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example SES Email Identity\nexample_email_identity = aws.ses.EmailIdentity(\"exampleEmailIdentity\", email=\"user@example.com\")\nexample_mail_from = aws.ses.MailFrom(\"exampleMailFrom\",\n domain=example_email_identity.email,\n mail_from_domain=\"mail.example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example SES Email Identity\n var exampleEmailIdentity = new Aws.Ses.EmailIdentity(\"exampleEmailIdentity\", new()\n {\n Email = \"user@example.com\",\n });\n\n var exampleMailFrom = new Aws.Ses.MailFrom(\"exampleMailFrom\", new()\n {\n Domain = exampleEmailIdentity.Email,\n MailFromDomain = \"mail.example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example SES Email Identity\n\t\texampleEmailIdentity, err := ses.NewEmailIdentity(ctx, \"exampleEmailIdentity\", \u0026ses.EmailIdentityArgs{\n\t\t\tEmail: pulumi.String(\"user@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewMailFrom(ctx, \"exampleMailFrom\", \u0026ses.MailFromArgs{\n\t\t\tDomain: exampleEmailIdentity.Email,\n\t\t\tMailFromDomain: pulumi.String(\"mail.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.EmailIdentity;\nimport com.pulumi.aws.ses.EmailIdentityArgs;\nimport com.pulumi.aws.ses.MailFrom;\nimport com.pulumi.aws.ses.MailFromArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleEmailIdentity = new EmailIdentity(\"exampleEmailIdentity\", EmailIdentityArgs.builder() \n .email(\"user@example.com\")\n .build());\n\n var exampleMailFrom = new MailFrom(\"exampleMailFrom\", MailFromArgs.builder() \n .domain(exampleEmailIdentity.email())\n .mailFromDomain(\"mail.example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Example SES Email Identity\n exampleEmailIdentity:\n type: aws:ses:EmailIdentity\n properties:\n email: user@example.com\n exampleMailFrom:\n type: aws:ses:MailFrom\n properties:\n domain: ${exampleEmailIdentity.email}\n mailFromDomain: mail.example.com\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import MAIL FROM domain using the `domain` attribute. For example:\n\n```sh\n $ pulumi import aws:ses/mailFrom:MailFrom example example.com\n```\n ", "properties": { "behaviorOnMxFailure": { "type": "string", @@ -325343,7 +325343,7 @@ } }, "aws:ses/receiptRule:ReceiptRule": { - "description": "Provides an SES receipt rule resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Add a header to the email and store it in S3\nconst store = new aws.ses.ReceiptRule(\"store\", {\n addHeaderActions: [{\n headerName: \"Custom-Header\",\n headerValue: \"Added by SES\",\n position: 1,\n }],\n enabled: true,\n recipients: [\"karen@example.com\"],\n ruleSetName: \"default-rule-set\",\n s3Actions: [{\n bucketName: \"emails\",\n position: 2,\n }],\n scanEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Add a header to the email and store it in S3\nstore = aws.ses.ReceiptRule(\"store\",\n add_header_actions=[aws.ses.ReceiptRuleAddHeaderActionArgs(\n header_name=\"Custom-Header\",\n header_value=\"Added by SES\",\n position=1,\n )],\n enabled=True,\n recipients=[\"karen@example.com\"],\n rule_set_name=\"default-rule-set\",\n s3_actions=[aws.ses.ReceiptRuleS3ActionArgs(\n bucket_name=\"emails\",\n position=2,\n )],\n scan_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Add a header to the email and store it in S3\n var store = new Aws.Ses.ReceiptRule(\"store\", new()\n {\n AddHeaderActions = new[]\n {\n new Aws.Ses.Inputs.ReceiptRuleAddHeaderActionArgs\n {\n HeaderName = \"Custom-Header\",\n HeaderValue = \"Added by SES\",\n Position = 1,\n },\n },\n Enabled = true,\n Recipients = new[]\n {\n \"karen@example.com\",\n },\n RuleSetName = \"default-rule-set\",\n S3Actions = new[]\n {\n new Aws.Ses.Inputs.ReceiptRuleS3ActionArgs\n {\n BucketName = \"emails\",\n Position = 2,\n },\n },\n ScanEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewReceiptRule(ctx, \"store\", \u0026ses.ReceiptRuleArgs{\n\t\t\tAddHeaderActions: ses.ReceiptRuleAddHeaderActionArray{\n\t\t\t\t\u0026ses.ReceiptRuleAddHeaderActionArgs{\n\t\t\t\t\tHeaderName: pulumi.String(\"Custom-Header\"),\n\t\t\t\t\tHeaderValue: pulumi.String(\"Added by SES\"),\n\t\t\t\t\tPosition: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRecipients: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"karen@example.com\"),\n\t\t\t},\n\t\t\tRuleSetName: pulumi.String(\"default-rule-set\"),\n\t\t\tS3Actions: ses.ReceiptRuleS3ActionArray{\n\t\t\t\t\u0026ses.ReceiptRuleS3ActionArgs{\n\t\t\t\t\tBucketName: pulumi.String(\"emails\"),\n\t\t\t\t\tPosition: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t},\n\t\t\tScanEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.ReceiptRule;\nimport com.pulumi.aws.ses.ReceiptRuleArgs;\nimport com.pulumi.aws.ses.inputs.ReceiptRuleAddHeaderActionArgs;\nimport com.pulumi.aws.ses.inputs.ReceiptRuleS3ActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var store = new ReceiptRule(\"store\", ReceiptRuleArgs.builder() \n .addHeaderActions(ReceiptRuleAddHeaderActionArgs.builder()\n .headerName(\"Custom-Header\")\n .headerValue(\"Added by SES\")\n .position(1)\n .build())\n .enabled(true)\n .recipients(\"karen@example.com\")\n .ruleSetName(\"default-rule-set\")\n .s3Actions(ReceiptRuleS3ActionArgs.builder()\n .bucketName(\"emails\")\n .position(2)\n .build())\n .scanEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Add a header to the email and store it in S3\n store:\n type: aws:ses:ReceiptRule\n properties:\n addHeaderActions:\n - headerName: Custom-Header\n headerValue: Added by SES\n position: 1\n enabled: true\n recipients:\n - karen@example.com\n ruleSetName: default-rule-set\n s3Actions:\n - bucketName: emails\n position: 2\n scanEnabled: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import SES receipt rules using the ruleset name and rule name separated by `:`. For example:\n\n```sh\n $ pulumi import aws:ses/receiptRule:ReceiptRule my_rule my_rule_set:my_rule\n```\n ", + "description": "Provides an SES receipt rule resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Add a header to the email and store it in S3\nconst store = new aws.ses.ReceiptRule(\"store\", {\n addHeaderActions: [{\n headerName: \"Custom-Header\",\n headerValue: \"Added by SES\",\n position: 1,\n }],\n enabled: true,\n recipients: [\"karen@example.com\"],\n ruleSetName: \"default-rule-set\",\n s3Actions: [{\n bucketName: \"emails\",\n position: 2,\n }],\n scanEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Add a header to the email and store it in S3\nstore = aws.ses.ReceiptRule(\"store\",\n add_header_actions=[aws.ses.ReceiptRuleAddHeaderActionArgs(\n header_name=\"Custom-Header\",\n header_value=\"Added by SES\",\n position=1,\n )],\n enabled=True,\n recipients=[\"karen@example.com\"],\n rule_set_name=\"default-rule-set\",\n s3_actions=[aws.ses.ReceiptRuleS3ActionArgs(\n bucket_name=\"emails\",\n position=2,\n )],\n scan_enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Add a header to the email and store it in S3\n var store = new Aws.Ses.ReceiptRule(\"store\", new()\n {\n AddHeaderActions = new[]\n {\n new Aws.Ses.Inputs.ReceiptRuleAddHeaderActionArgs\n {\n HeaderName = \"Custom-Header\",\n HeaderValue = \"Added by SES\",\n Position = 1,\n },\n },\n Enabled = true,\n Recipients = new[]\n {\n \"karen@example.com\",\n },\n RuleSetName = \"default-rule-set\",\n S3Actions = new[]\n {\n new Aws.Ses.Inputs.ReceiptRuleS3ActionArgs\n {\n BucketName = \"emails\",\n Position = 2,\n },\n },\n ScanEnabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Add a header to the email and store it in S3\n\t\t_, err := ses.NewReceiptRule(ctx, \"store\", \u0026ses.ReceiptRuleArgs{\n\t\t\tAddHeaderActions: ses.ReceiptRuleAddHeaderActionArray{\n\t\t\t\t\u0026ses.ReceiptRuleAddHeaderActionArgs{\n\t\t\t\t\tHeaderName: pulumi.String(\"Custom-Header\"),\n\t\t\t\t\tHeaderValue: pulumi.String(\"Added by SES\"),\n\t\t\t\t\tPosition: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRecipients: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"karen@example.com\"),\n\t\t\t},\n\t\t\tRuleSetName: pulumi.String(\"default-rule-set\"),\n\t\t\tS3Actions: ses.ReceiptRuleS3ActionArray{\n\t\t\t\t\u0026ses.ReceiptRuleS3ActionArgs{\n\t\t\t\t\tBucketName: pulumi.String(\"emails\"),\n\t\t\t\t\tPosition: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t},\n\t\t\tScanEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ses.ReceiptRule;\nimport com.pulumi.aws.ses.ReceiptRuleArgs;\nimport com.pulumi.aws.ses.inputs.ReceiptRuleAddHeaderActionArgs;\nimport com.pulumi.aws.ses.inputs.ReceiptRuleS3ActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var store = new ReceiptRule(\"store\", ReceiptRuleArgs.builder() \n .addHeaderActions(ReceiptRuleAddHeaderActionArgs.builder()\n .headerName(\"Custom-Header\")\n .headerValue(\"Added by SES\")\n .position(1)\n .build())\n .enabled(true)\n .recipients(\"karen@example.com\")\n .ruleSetName(\"default-rule-set\")\n .s3Actions(ReceiptRuleS3ActionArgs.builder()\n .bucketName(\"emails\")\n .position(2)\n .build())\n .scanEnabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Add a header to the email and store it in S3\n store:\n type: aws:ses:ReceiptRule\n properties:\n addHeaderActions:\n - headerName: Custom-Header\n headerValue: Added by SES\n position: 1\n enabled: true\n recipients:\n - karen@example.com\n ruleSetName: default-rule-set\n s3Actions:\n - bucketName: emails\n position: 2\n scanEnabled: true\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import SES receipt rules using the ruleset name and rule name separated by `:`. For example:\n\n```sh\n $ pulumi import aws:ses/receiptRule:ReceiptRule my_rule my_rule_set:my_rule\n```\n ", "properties": { "addHeaderActions": { "type": "array", @@ -326750,7 +326750,7 @@ } }, "aws:sfn/stateMachine:StateMachine": { - "description": "Provides a Step Function State Machine resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic (Standard Workflow)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new()\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", \u0026sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(`{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%v\",\n \"End\": true\n }\n }\n}\n`, aws_lambda_function.Lambda.Arn)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sfn.StateMachine;\nimport com.pulumi.aws.sfn.StateMachineArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sfnStateMachine = new StateMachine(\"sfnStateMachine\", StateMachineArgs.builder() \n .roleArn(aws_iam_role.iam_for_sfn().arn())\n .definition(\"\"\"\n{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%s\",\n \"End\": true\n }\n }\n}\n\", aws_lambda_function.lambda().arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ...\n sfnStateMachine:\n type: aws:sfn:StateMachine\n properties:\n roleArn: ${aws_iam_role.iam_for_sfn.arn}\n definition: |\n {\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n }\n```\n{{% /example %}}\n{{% example %}}\n### Basic (Express Workflow)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n type: \"EXPRESS\",\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n type=\"EXPRESS\",\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new()\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Type = \"EXPRESS\",\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", \u0026sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tType: pulumi.String(\"EXPRESS\"),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(`{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%v\",\n \"End\": true\n }\n }\n}\n`, aws_lambda_function.Lambda.Arn)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sfn.StateMachine;\nimport com.pulumi.aws.sfn.StateMachineArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sfnStateMachine = new StateMachine(\"sfnStateMachine\", StateMachineArgs.builder() \n .roleArn(aws_iam_role.iam_for_sfn().arn())\n .type(\"EXPRESS\")\n .definition(\"\"\"\n{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%s\",\n \"End\": true\n }\n }\n}\n\", aws_lambda_function.lambda().arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ...\n sfnStateMachine:\n type: aws:sfn:StateMachine\n properties:\n roleArn: ${aws_iam_role.iam_for_sfn.arn}\n type: EXPRESS\n definition: |\n {\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n }\n```\n{{% /example %}}\n{{% example %}}\n### Publish (Publish SFN version)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n publish: true,\n type: \"EXPRESS\",\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n publish=True,\n type=\"EXPRESS\",\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new()\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Publish = true,\n Type = \"EXPRESS\",\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", \u0026sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tPublish: pulumi.Bool(true),\n\t\t\tType: pulumi.String(\"EXPRESS\"),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(`{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%v\",\n \"End\": true\n }\n }\n}\n`, aws_lambda_function.Lambda.Arn)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sfn.StateMachine;\nimport com.pulumi.aws.sfn.StateMachineArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sfnStateMachine = new StateMachine(\"sfnStateMachine\", StateMachineArgs.builder() \n .roleArn(aws_iam_role.iam_for_sfn().arn())\n .publish(true)\n .type(\"EXPRESS\")\n .definition(\"\"\"\n{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%s\",\n \"End\": true\n }\n }\n}\n\", aws_lambda_function.lambda().arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ...\n sfnStateMachine:\n type: aws:sfn:StateMachine\n properties:\n roleArn: ${aws_iam_role.iam_for_sfn.arn}\n publish: true\n type: EXPRESS\n definition: |\n {\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n }\n```\n{{% /example %}}\n{{% example %}}\n### Logging\n\n\u003e *NOTE:* See the [AWS Step Functions Developer Guide](https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html) for more information about enabling Step Function logging.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n loggingConfiguration: {\n logDestination: `${aws_cloudwatch_log_group.log_group_for_sfn.arn}:*`,\n includeExecutionData: true,\n level: \"ERROR\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\",\n logging_configuration=aws.sfn.StateMachineLoggingConfigurationArgs(\n log_destination=f\"{aws_cloudwatch_log_group['log_group_for_sfn']['arn']}:*\",\n include_execution_data=True,\n level=\"ERROR\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new()\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n LoggingConfiguration = new Aws.Sfn.Inputs.StateMachineLoggingConfigurationArgs\n {\n LogDestination = $\"{aws_cloudwatch_log_group.Log_group_for_sfn.Arn}:*\",\n IncludeExecutionData = true,\n Level = \"ERROR\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", \u0026sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(`{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%v\",\n \"End\": true\n }\n }\n}\n`, aws_lambda_function.Lambda.Arn)),\n\t\t\tLoggingConfiguration: \u0026sfn.StateMachineLoggingConfigurationArgs{\n\t\t\t\tLogDestination: pulumi.String(fmt.Sprintf(\"%v:*\", aws_cloudwatch_log_group.Log_group_for_sfn.Arn)),\n\t\t\t\tIncludeExecutionData: pulumi.Bool(true),\n\t\t\t\tLevel: pulumi.String(\"ERROR\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sfn.StateMachine;\nimport com.pulumi.aws.sfn.StateMachineArgs;\nimport com.pulumi.aws.sfn.inputs.StateMachineLoggingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sfnStateMachine = new StateMachine(\"sfnStateMachine\", StateMachineArgs.builder() \n .roleArn(aws_iam_role.iam_for_sfn().arn())\n .definition(\"\"\"\n{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%s\",\n \"End\": true\n }\n }\n}\n\", aws_lambda_function.lambda().arn()))\n .loggingConfiguration(StateMachineLoggingConfigurationArgs.builder()\n .logDestination(String.format(\"%s:*\", aws_cloudwatch_log_group.log_group_for_sfn().arn()))\n .includeExecutionData(true)\n .level(\"ERROR\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ...\n sfnStateMachine:\n type: aws:sfn:StateMachine\n properties:\n roleArn: ${aws_iam_role.iam_for_sfn.arn}\n definition: |\n {\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n }\n loggingConfiguration:\n logDestination: ${aws_cloudwatch_log_group.log_group_for_sfn.arn}:*\n includeExecutionData: true\n level: ERROR\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import State Machines using the `arn`. For example:\n\n```sh\n $ pulumi import aws:sfn/stateMachine:StateMachine foo arn:aws:states:eu-west-1:123456789098:stateMachine:bar\n```\n ", + "description": "Provides a Step Function State Machine resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic (Standard Workflow)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new()\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ...\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", \u0026sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(`{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%v\",\n \"End\": true\n }\n }\n}\n`, aws_lambda_function.Lambda.Arn)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sfn.StateMachine;\nimport com.pulumi.aws.sfn.StateMachineArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sfnStateMachine = new StateMachine(\"sfnStateMachine\", StateMachineArgs.builder() \n .roleArn(aws_iam_role.iam_for_sfn().arn())\n .definition(\"\"\"\n{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%s\",\n \"End\": true\n }\n }\n}\n\", aws_lambda_function.lambda().arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ...\n sfnStateMachine:\n type: aws:sfn:StateMachine\n properties:\n roleArn: ${aws_iam_role.iam_for_sfn.arn}\n definition: |\n {\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n }\n```\n{{% /example %}}\n{{% example %}}\n### Basic (Express Workflow)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n type: \"EXPRESS\",\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n type=\"EXPRESS\",\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new()\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Type = \"EXPRESS\",\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ...\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", \u0026sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tType: pulumi.String(\"EXPRESS\"),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(`{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%v\",\n \"End\": true\n }\n }\n}\n`, aws_lambda_function.Lambda.Arn)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sfn.StateMachine;\nimport com.pulumi.aws.sfn.StateMachineArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sfnStateMachine = new StateMachine(\"sfnStateMachine\", StateMachineArgs.builder() \n .roleArn(aws_iam_role.iam_for_sfn().arn())\n .type(\"EXPRESS\")\n .definition(\"\"\"\n{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%s\",\n \"End\": true\n }\n }\n}\n\", aws_lambda_function.lambda().arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ...\n sfnStateMachine:\n type: aws:sfn:StateMachine\n properties:\n roleArn: ${aws_iam_role.iam_for_sfn.arn}\n type: EXPRESS\n definition: |\n {\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n }\n```\n{{% /example %}}\n{{% example %}}\n### Publish (Publish SFN version)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n publish: true,\n type: \"EXPRESS\",\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n publish=True,\n type=\"EXPRESS\",\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new()\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Publish = true,\n Type = \"EXPRESS\",\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ...\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", \u0026sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tPublish: pulumi.Bool(true),\n\t\t\tType: pulumi.String(\"EXPRESS\"),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(`{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%v\",\n \"End\": true\n }\n }\n}\n`, aws_lambda_function.Lambda.Arn)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sfn.StateMachine;\nimport com.pulumi.aws.sfn.StateMachineArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sfnStateMachine = new StateMachine(\"sfnStateMachine\", StateMachineArgs.builder() \n .roleArn(aws_iam_role.iam_for_sfn().arn())\n .publish(true)\n .type(\"EXPRESS\")\n .definition(\"\"\"\n{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%s\",\n \"End\": true\n }\n }\n}\n\", aws_lambda_function.lambda().arn()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ...\n sfnStateMachine:\n type: aws:sfn:StateMachine\n properties:\n roleArn: ${aws_iam_role.iam_for_sfn.arn}\n publish: true\n type: EXPRESS\n definition: |\n {\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n }\n```\n{{% /example %}}\n{{% example %}}\n### Logging\n\n\u003e *NOTE:* See the [AWS Step Functions Developer Guide](https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html) for more information about enabling Step Function logging.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n loggingConfiguration: {\n logDestination: `${aws_cloudwatch_log_group.log_group_for_sfn.arn}:*`,\n includeExecutionData: true,\n level: \"ERROR\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\",\n logging_configuration=aws.sfn.StateMachineLoggingConfigurationArgs(\n log_destination=f\"{aws_cloudwatch_log_group['log_group_for_sfn']['arn']}:*\",\n include_execution_data=True,\n level=\"ERROR\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new()\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n LoggingConfiguration = new Aws.Sfn.Inputs.StateMachineLoggingConfigurationArgs\n {\n LogDestination = $\"{aws_cloudwatch_log_group.Log_group_for_sfn.Arn}:*\",\n IncludeExecutionData = true,\n Level = \"ERROR\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ...\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", \u0026sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(`{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%v\",\n \"End\": true\n }\n }\n}\n`, aws_lambda_function.Lambda.Arn)),\n\t\t\tLoggingConfiguration: \u0026sfn.StateMachineLoggingConfigurationArgs{\n\t\t\t\tLogDestination: pulumi.String(fmt.Sprintf(\"%v:*\", aws_cloudwatch_log_group.Log_group_for_sfn.Arn)),\n\t\t\t\tIncludeExecutionData: pulumi.Bool(true),\n\t\t\t\tLevel: pulumi.String(\"ERROR\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sfn.StateMachine;\nimport com.pulumi.aws.sfn.StateMachineArgs;\nimport com.pulumi.aws.sfn.inputs.StateMachineLoggingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sfnStateMachine = new StateMachine(\"sfnStateMachine\", StateMachineArgs.builder() \n .roleArn(aws_iam_role.iam_for_sfn().arn())\n .definition(\"\"\"\n{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"%s\",\n \"End\": true\n }\n }\n}\n\", aws_lambda_function.lambda().arn()))\n .loggingConfiguration(StateMachineLoggingConfigurationArgs.builder()\n .logDestination(String.format(\"%s:*\", aws_cloudwatch_log_group.log_group_for_sfn().arn()))\n .includeExecutionData(true)\n .level(\"ERROR\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # ...\n sfnStateMachine:\n type: aws:sfn:StateMachine\n properties:\n roleArn: ${aws_iam_role.iam_for_sfn.arn}\n definition: |\n {\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n }\n loggingConfiguration:\n logDestination: ${aws_cloudwatch_log_group.log_group_for_sfn.arn}:*\n includeExecutionData: true\n level: ERROR\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import State Machines using the `arn`. For example:\n\n```sh\n $ pulumi import aws:sfn/stateMachine:StateMachine foo arn:aws:states:eu-west-1:123456789098:stateMachine:bar\n```\n ", "properties": { "arn": { "type": "string", @@ -328749,7 +328749,7 @@ } }, "aws:sns/topicSubscription:TopicSubscription": { - "description": "Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. This resource allows you to automatically place messages sent to SNS topics in SQS queues, send them as HTTP(S) POST requests to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for provider users will probably be SQS queues.\n\n\u003e **NOTE:** If the SNS topic and SQS queue are in different AWS regions, the `aws.sns.TopicSubscription` must use an AWS provider that is in the same region as the SNS topic. If the `aws.sns.TopicSubscription` uses a provider with a different region than the SNS topic, this provider will fail to create the subscription.\n\n\u003e **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires the provider to have access to BOTH accounts.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts but the same region, the `aws.sns.TopicSubscription` must use the AWS provider for the account with the SQS queue. If `aws.sns.TopicSubscription` uses a Provider with a different account than the SQS queue, this provider creates the subscription but does not keep state and tries to re-create the subscription at every `apply`.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts and different AWS regions, the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic.\n\n\u003e **NOTE:** You cannot unsubscribe to a subscription that is pending confirmation. If you use `email`, `email-json`, or `http`/`https` (without auto-confirmation enabled), until the subscription is confirmed (e.g., outside of this provider), AWS does not allow this provider to delete / unsubscribe the subscription. If you `destroy` an unconfirmed subscription, this provider will remove the subscription from its state but the subscription will still exist in AWS. However, if you delete an SNS topic, SNS [deletes all the subscriptions](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html) associated with the topic. Also, you can import a subscription after confirmation and then have the capability to delete it.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nYou can directly supply a topic and ARN by hand in the `topic_arn` property along with the queue ARN:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"userUpdatesSqsTarget\", {\n endpoint: \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n protocol: \"sqs\",\n topic: \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"userUpdatesSqsTarget\",\n endpoint=\"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n protocol=\"sqs\",\n topic=\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"userUpdatesSqsTarget\", new()\n {\n Endpoint = \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n Protocol = \"sqs\",\n Topic = \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopicSubscription(ctx, \"userUpdatesSqsTarget\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tEndpoint: pulumi.String(\"arn:aws:sqs:us-west-2:432981146916:queue-too\"),\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tTopic: pulumi.Any(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .endpoint(\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n .protocol(\"sqs\")\n .topic(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n properties:\n endpoint: arn:aws:sqs:us-west-2:432981146916:queue-too\n protocol: sqs\n topic: arn:aws:sns:us-west-2:432981146916:user-updates-topic\n```\n\nAlternatively you can use the ARN properties of a managed SNS topic and SQS queue:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"userUpdates\", {});\nconst userUpdatesQueue = new aws.sqs.Queue(\"userUpdatesQueue\", {});\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"userUpdatesSqsTarget\", {\n topic: userUpdates.arn,\n protocol: \"sqs\",\n endpoint: userUpdatesQueue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"userUpdates\")\nuser_updates_queue = aws.sqs.Queue(\"userUpdatesQueue\")\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"userUpdatesSqsTarget\",\n topic=user_updates.arn,\n protocol=\"sqs\",\n endpoint=user_updates_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdates = new Aws.Sns.Topic(\"userUpdates\");\n\n var userUpdatesQueue = new Aws.Sqs.Queue(\"userUpdatesQueue\");\n\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"userUpdatesSqsTarget\", new()\n {\n Topic = userUpdates.Arn,\n Protocol = \"sqs\",\n Endpoint = userUpdatesQueue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuserUpdates, err := sns.NewTopic(ctx, \"userUpdates\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserUpdatesQueue, err := sqs.NewQueue(ctx, \"userUpdatesQueue\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"userUpdatesSqsTarget\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: userUpdates.Arn,\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: userUpdatesQueue.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdates = new Topic(\"userUpdates\");\n\n var userUpdatesQueue = new Queue(\"userUpdatesQueue\");\n\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .topic(userUpdates.arn())\n .protocol(\"sqs\")\n .endpoint(userUpdatesQueue.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdates:\n type: aws:sns:Topic\n userUpdatesQueue:\n type: aws:sqs:Queue\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${userUpdates.arn}\n protocol: sqs\n endpoint: ${userUpdatesQueue.arn}\n```\n\nYou can subscribe SNS topics to SQS queues in different Amazon accounts and regions:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst sns = config.getObject\u003c{account-id?: string, display_name?: string, name?: string, region?: string, role-name?: string}\u003e(\"sns\") || {\n \"account-id\": \"111111111111\",\n \"role-name\": \"service/service\",\n name: \"example-sns-topic\",\n display_name: \"example\",\n region: \"us-west-1\",\n};\nconst sqs = config.getObject\u003c{account-id?: string, name?: string, region?: string, role-name?: string}\u003e(\"sqs\") || {\n \"account-id\": \"222222222222\",\n \"role-name\": \"service/service\",\n name: \"example-sqs-queue\",\n region: \"us-east-1\",\n};\nconst sns-topic-policy = aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [sns[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__default_statement_ID\",\n },\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions: [{\n test: \"StringLike\",\n variable: \"SNS:Endpoint\",\n values: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__console_sub_0\",\n },\n ],\n});\nconst sqs-queue-policy = aws.iam.getPolicyDocument({\n policyId: `arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}/SQSDefaultPolicy`,\n statements: [{\n sid: \"example-sns-topic\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n actions: [\"SQS:SendMessage\"],\n resources: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n }],\n }],\n});\n// provider to manage SNS topics\nconst awsSns = new aws.Provider(\"awsSns\", {\n region: sns.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sns[\"account-id\"]}:role/${sns[\"role-name\"]}`,\n sessionName: `sns-${sns.region}`,\n },\n});\n// provider to manage SQS queues\nconst awsSqs = new aws.Provider(\"awsSqs\", {\n region: sqs.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sqs[\"account-id\"]}:role/${sqs[\"role-name\"]}`,\n sessionName: `sqs-${sqs.region}`,\n },\n});\n// provider to subscribe SQS to SNS (using the SQS account but the SNS region)\nconst sns2sqs = new aws.Provider(\"sns2sqs\", {\n region: sns.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sqs[\"account-id\"]}:role/${sqs[\"role-name\"]}`,\n sessionName: `sns2sqs-${sns.region}`,\n },\n});\nconst sns_topicTopic = new aws.sns.Topic(\"sns-topicTopic\", {\n displayName: sns.display_name,\n policy: sns_topic_policy.then(sns_topic_policy =\u003e sns_topic_policy.json),\n}, {\n provider: aws.sns,\n});\nconst sqs_queue = new aws.sqs.Queue(\"sqs-queue\", {policy: sqs_queue_policy.then(sqs_queue_policy =\u003e sqs_queue_policy.json)}, {\n provider: aws.sqs,\n});\nconst sns_topicTopicSubscription = new aws.sns.TopicSubscription(\"sns-topicTopicSubscription\", {\n topic: sns_topicTopic.arn,\n protocol: \"sqs\",\n endpoint: sqs_queue.arn,\n}, {\n provider: aws.sns2sqs,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsns = config.get_object(\"sns\")\nif sns is None:\n sns = {\n \"account-id\": \"111111111111\",\n \"role-name\": \"service/service\",\n \"name\": \"example-sns-topic\",\n \"display_name\": \"example\",\n \"region\": \"us-west-1\",\n }\nsqs = config.get_object(\"sqs\")\nif sqs is None:\n sqs = {\n \"account-id\": \"222222222222\",\n \"role-name\": \"service/service\",\n \"name\": \"example-sqs-queue\",\n \"region\": \"us-east-1\",\n }\nsns_topic_policy = aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"AWS:SourceOwner\",\n values=[sns[\"account-id\"]],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__default_statement_ID\",\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"SNS:Endpoint\",\n values=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__console_sub_0\",\n ),\n ])\nsqs_queue_policy = aws.iam.get_policy_document(policy_id=f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}/SQSDefaultPolicy\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"example-sns-topic\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n actions=[\"SQS:SendMessage\"],\n resources=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n )],\n )])\n# provider to manage SNS topics\naws_sns = aws.Provider(\"awsSns\",\n region=sns[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sns['account-id']}:role/{sns['role-name']}\",\n session_name=f\"sns-{sns['region']}\",\n ))\n# provider to manage SQS queues\naws_sqs = aws.Provider(\"awsSqs\",\n region=sqs[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sqs['account-id']}:role/{sqs['role-name']}\",\n session_name=f\"sqs-{sqs['region']}\",\n ))\n# provider to subscribe SQS to SNS (using the SQS account but the SNS region)\nsns2sqs = aws.Provider(\"sns2sqs\",\n region=sns[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sqs['account-id']}:role/{sqs['role-name']}\",\n session_name=f\"sns2sqs-{sns['region']}\",\n ))\nsns_topic_topic = aws.sns.Topic(\"sns-topicTopic\",\n display_name=sns[\"display_name\"],\n policy=sns_topic_policy.json,\n opts=pulumi.ResourceOptions(provider=aws[\"sns\"]))\nsqs_queue = aws.sqs.Queue(\"sqs-queue\", policy=sqs_queue_policy.json,\nopts=pulumi.ResourceOptions(provider=aws[\"sqs\"]))\nsns_topic_topic_subscription = aws.sns.TopicSubscription(\"sns-topicTopicSubscription\",\n topic=sns_topic_topic.arn,\n protocol=\"sqs\",\n endpoint=sqs_queue.arn,\n opts=pulumi.ResourceOptions(provider=aws[\"sns2sqs\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var sns = config.GetObject\u003cSns\u003e(\"sns\") ?? \n {\n { \"account-id\", \"111111111111\" },\n { \"role-name\", \"service/service\" },\n { \"name\", \"example-sns-topic\" },\n { \"display_name\", \"example\" },\n { \"region\", \"us-west-1\" },\n };\n var sqs = config.GetObject\u003cSqs\u003e(\"sqs\") ?? \n {\n { \"account-id\", \"222222222222\" },\n { \"role-name\", \"service/service\" },\n { \"name\", \"example-sqs-queue\" },\n { \"region\", \"us-east-1\" },\n };\n var sns_topic_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = new[]\n {\n sns.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__default_statement_ID\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"SNS:Endpoint\",\n Values = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__console_sub_0\",\n },\n },\n });\n\n var sqs_queue_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}/SQSDefaultPolicy\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"example-sns-topic\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"SQS:SendMessage\",\n },\n Resources = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n },\n },\n },\n },\n });\n\n // provider to manage SNS topics\n var awsSns = new Aws.Provider(\"awsSns\", new()\n {\n Region = sns.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sns.Account_id}:role/{sns.Role_name}\",\n SessionName = $\"sns-{sns.Region}\",\n },\n });\n\n // provider to manage SQS queues\n var awsSqs = new Aws.Provider(\"awsSqs\", new()\n {\n Region = sqs.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sqs.Account_id}:role/{sqs.Role_name}\",\n SessionName = $\"sqs-{sqs.Region}\",\n },\n });\n\n // provider to subscribe SQS to SNS (using the SQS account but the SNS region)\n var sns2sqs = new Aws.Provider(\"sns2sqs\", new()\n {\n Region = sns.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sqs.Account_id}:role/{sqs.Role_name}\",\n SessionName = $\"sns2sqs-{sns.Region}\",\n },\n });\n\n var sns_topicTopic = new Aws.Sns.Topic(\"sns-topicTopic\", new()\n {\n DisplayName = sns.Display_name,\n Policy = sns_topic_policy.Apply(sns_topic_policy =\u003e sns_topic_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n }, new CustomResourceOptions\n {\n Provider = aws.Sns,\n });\n\n var sqs_queue = new Aws.Sqs.Queue(\"sqs-queue\", new()\n {\n Policy = sqs_queue_policy.Apply(sqs_queue_policy =\u003e sqs_queue_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n }, new CustomResourceOptions\n {\n Provider = aws.Sqs,\n });\n\n var sns_topicTopicSubscription = new Aws.Sns.TopicSubscription(\"sns-topicTopicSubscription\", new()\n {\n Topic = sns_topicTopic.Arn,\n Protocol = \"sqs\",\n Endpoint = sqs_queue.Arn,\n }, new CustomResourceOptions\n {\n Provider = aws.Sns2sqs,\n });\n\n});\n\npublic class Sns\n{\n public string account-id { get; set; }\n public string display_name { get; set; }\n public string name { get; set; }\n public string region { get; set; }\n public string role-name { get; set; }\n}\n\npublic class Sqs\n{\n public string account-id { get; set; }\n public string name { get; set; }\n public string region { get; set; }\n public string role-name { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nsns := map[string]interface{}{\n\"account-id\": \"111111111111\",\n\"role-name\": \"service/service\",\n\"name\": \"example-sns-topic\",\n\"display_name\": \"example\",\n\"region\": \"us-west-1\",\n};\nif param := cfg.GetObject(\"sns\"); param != nil {\nsns = param\n}\nsqs := map[string]interface{}{\n\"account-id\": \"222222222222\",\n\"role-name\": \"service/service\",\n\"name\": \"example-sqs-queue\",\n\"region\": \"us-east-1\",\n};\nif param := cfg.GetObject(\"sqs\"); param != nil {\nsqs = param\n}\nsns_topic_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(\"__default_policy_ID\"),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:SetTopicAttributes\",\n\"SNS:RemovePermission\",\n\"SNS:Publish\",\n\"SNS:ListSubscriptionsByTopic\",\n\"SNS:GetTopicAttributes\",\n\"SNS:DeleteTopic\",\n\"SNS:AddPermission\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"AWS:SourceOwner\",\nValues: interface{}{\nsns.AccountId,\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__default_statement_ID\"),\n},\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:Receive\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringLike\",\nVariable: \"SNS:Endpoint\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__console_sub_0\"),\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsqs_queue_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(fmt.Sprintf(\"arn:aws:sqs:%v:%v:%v/SQSDefaultPolicy\", sqs.Region, sqs.AccountId, sqs.Name)),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"example-sns-topic\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"SQS:SendMessage\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"ArnEquals\",\nVariable: \"aws:SourceArn\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = aws.NewProvider(ctx, \"awsSns\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sns.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sns.AccountId, sns.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sns-%v\", sns.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = aws.NewProvider(ctx, \"awsSqs\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sqs.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sqs.AccountId, sqs.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sqs-%v\", sqs.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = aws.NewProvider(ctx, \"sns2sqs\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sns.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sqs.AccountId, sqs.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sns2sqs-%v\", sns.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopic(ctx, \"sns-topicTopic\", \u0026sns.TopicArgs{\nDisplayName: *pulumi.String(sns.Display_name),\nPolicy: *pulumi.String(sns_topic_policy.Json),\n}, pulumi.Provider(aws.Sns))\nif err != nil {\nreturn err\n}\n_, err = sqs.NewQueue(ctx, \"sqs-queue\", \u0026sqs.QueueArgs{\nPolicy: *pulumi.String(sqs_queue_policy.Json),\n}, pulumi.Provider(aws.Sqs))\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopicSubscription(ctx, \"sns-topicTopicSubscription\", \u0026sns.TopicSubscriptionArgs{\nTopic: sns_topicTopic.Arn,\nProtocol: pulumi.String(\"sqs\"),\nEndpoint: sqs_queue.Arn,\n}, pulumi.Provider(aws.Sns2sqs))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.inputs.ProviderAssumeRoleArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var sns = config.get(\"sns\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sqs = config.get(\"sqs\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sns-topic-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"AWS:SourceOwner\")\n .values(sns.account-id())\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__default_statement_ID\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:Receive\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"SNS:Endpoint\")\n .values(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__console_sub_0\")\n .build())\n .build());\n\n final var sqs-queue-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(String.format(\"arn:aws:sqs:%s:%s:%s/SQSDefaultPolicy\", sqs.region(),sqs.account-id(),sqs.name()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"example-sns-topic\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .actions(\"SQS:SendMessage\")\n .resources(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .build())\n .build())\n .build());\n\n var awsSns = new Provider(\"awsSns\", ProviderArgs.builder() \n .region(sns.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sns.account-id(),sns.role-name()))\n .sessionName(String.format(\"sns-%s\", sns.region()))\n .build())\n .build());\n\n var awsSqs = new Provider(\"awsSqs\", ProviderArgs.builder() \n .region(sqs.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sqs.account-id(),sqs.role-name()))\n .sessionName(String.format(\"sqs-%s\", sqs.region()))\n .build())\n .build());\n\n var sns2sqs = new Provider(\"sns2sqs\", ProviderArgs.builder() \n .region(sns.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sqs.account-id(),sqs.role-name()))\n .sessionName(String.format(\"sns2sqs-%s\", sns.region()))\n .build())\n .build());\n\n var sns_topicTopic = new Topic(\"sns-topicTopic\", TopicArgs.builder() \n .displayName(sns.display_name())\n .policy(sns_topic_policy.json())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sns())\n .build());\n\n var sqs_queue = new Queue(\"sqs-queue\", QueueArgs.builder() \n .policy(sqs_queue_policy.json())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sqs())\n .build());\n\n var sns_topicTopicSubscription = new TopicSubscription(\"sns-topicTopicSubscription\", TopicSubscriptionArgs.builder() \n .topic(sns_topicTopic.arn())\n .protocol(\"sqs\")\n .endpoint(sqs_queue.arn())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sns2sqs())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n sns:\n type: object({account-id = union(none, string), display_name = union(none, string), name = union(none, string), region = union(none, string), role-name = union(none, string)})\n default:\n account-id: '111111111111'\n role-name: service/service\n name: example-sns-topic\n display_name: example\n region: us-west-1\n sqs:\n type: object({account-id = union(none, string), name = union(none, string), region = union(none, string), role-name = union(none, string)})\n default:\n account-id: '222222222222'\n role-name: service/service\n name: example-sqs-queue\n region: us-east-1\nresources:\n # provider to manage SNS topics\n awsSns:\n type: pulumi:providers:aws\n properties:\n region: ${sns.region}\n assumeRole:\n roleArn: arn:aws:iam::${sns\"account-id\"[%!s(MISSING)]}:role/${sns\"role-name\"[%!s(MISSING)]}\n sessionName: sns-${sns.region}\n # provider to manage SQS queues\n awsSqs:\n type: pulumi:providers:aws\n properties:\n region: ${sqs.region}\n assumeRole:\n roleArn: arn:aws:iam::${sqs\"account-id\"[%!s(MISSING)]}:role/${sqs\"role-name\"[%!s(MISSING)]}\n sessionName: sqs-${sqs.region}\n # provider to subscribe SQS to SNS (using the SQS account but the SNS region)\n sns2sqs:\n type: pulumi:providers:aws\n properties:\n region: ${sns.region}\n assumeRole:\n roleArn: arn:aws:iam::${sqs\"account-id\"[%!s(MISSING)]}:role/${sqs\"role-name\"[%!s(MISSING)]}\n sessionName: sns2sqs-${sns.region}\n sns-topicTopic:\n type: aws:sns:Topic\n properties:\n displayName: ${sns.display_name}\n policy: ${[\"sns-topic-policy\"].json}\n options:\n provider: ${aws.sns}\n sqs-queue:\n type: aws:sqs:Queue\n properties:\n policy: ${[\"sqs-queue-policy\"].json}\n options:\n provider: ${aws.sqs}\n sns-topicTopicSubscription:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${[\"sns-topicTopic\"].arn}\n protocol: sqs\n endpoint: ${[\"sqs-queue\"].arn}\n options:\n provider: ${aws.sns2sqs}\nvariables:\n sns-topic-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Subscribe\n - SNS:SetTopicAttributes\n - SNS:RemovePermission\n - SNS:Publish\n - SNS:ListSubscriptionsByTopic\n - SNS:GetTopicAttributes\n - SNS:DeleteTopic\n - SNS:AddPermission\n conditions:\n - test: StringEquals\n variable: AWS:SourceOwner\n values:\n - ${sns\"account-id\"[%!s(MISSING)]}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __default_statement_ID\n - actions:\n - SNS:Subscribe\n - SNS:Receive\n conditions:\n - test: StringLike\n variable: SNS:Endpoint\n values:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __console_sub_0\n sqs-queue-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}/SQSDefaultPolicy\n statements:\n - sid: example-sns-topic\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n actions:\n - SQS:SendMessage\n resources:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import SNS Topic Subscriptions using the subscription `arn`. For example:\n\n```sh\n $ pulumi import aws:sns/topicSubscription:TopicSubscription user_updates_sqs_target arn:aws:sns:us-west-2:0123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f\n```\n ", + "description": "Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. This resource allows you to automatically place messages sent to SNS topics in SQS queues, send them as HTTP(S) POST requests to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for provider users will probably be SQS queues.\n\n\u003e **NOTE:** If the SNS topic and SQS queue are in different AWS regions, the `aws.sns.TopicSubscription` must use an AWS provider that is in the same region as the SNS topic. If the `aws.sns.TopicSubscription` uses a provider with a different region than the SNS topic, this provider will fail to create the subscription.\n\n\u003e **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires the provider to have access to BOTH accounts.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts but the same region, the `aws.sns.TopicSubscription` must use the AWS provider for the account with the SQS queue. If `aws.sns.TopicSubscription` uses a Provider with a different account than the SQS queue, this provider creates the subscription but does not keep state and tries to re-create the subscription at every `apply`.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts and different AWS regions, the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic.\n\n\u003e **NOTE:** You cannot unsubscribe to a subscription that is pending confirmation. If you use `email`, `email-json`, or `http`/`https` (without auto-confirmation enabled), until the subscription is confirmed (e.g., outside of this provider), AWS does not allow this provider to delete / unsubscribe the subscription. If you `destroy` an unconfirmed subscription, this provider will remove the subscription from its state but the subscription will still exist in AWS. However, if you delete an SNS topic, SNS [deletes all the subscriptions](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html) associated with the topic. Also, you can import a subscription after confirmation and then have the capability to delete it.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nYou can directly supply a topic and ARN by hand in the `topic_arn` property along with the queue ARN:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"userUpdatesSqsTarget\", {\n endpoint: \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n protocol: \"sqs\",\n topic: \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"userUpdatesSqsTarget\",\n endpoint=\"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n protocol=\"sqs\",\n topic=\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"userUpdatesSqsTarget\", new()\n {\n Endpoint = \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n Protocol = \"sqs\",\n Topic = \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopicSubscription(ctx, \"userUpdatesSqsTarget\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tEndpoint: pulumi.String(\"arn:aws:sqs:us-west-2:432981146916:queue-too\"),\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tTopic: pulumi.Any(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .endpoint(\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n .protocol(\"sqs\")\n .topic(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n properties:\n endpoint: arn:aws:sqs:us-west-2:432981146916:queue-too\n protocol: sqs\n topic: arn:aws:sns:us-west-2:432981146916:user-updates-topic\n```\n\nAlternatively you can use the ARN properties of a managed SNS topic and SQS queue:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"userUpdates\", {});\nconst userUpdatesQueue = new aws.sqs.Queue(\"userUpdatesQueue\", {});\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"userUpdatesSqsTarget\", {\n topic: userUpdates.arn,\n protocol: \"sqs\",\n endpoint: userUpdatesQueue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"userUpdates\")\nuser_updates_queue = aws.sqs.Queue(\"userUpdatesQueue\")\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"userUpdatesSqsTarget\",\n topic=user_updates.arn,\n protocol=\"sqs\",\n endpoint=user_updates_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdates = new Aws.Sns.Topic(\"userUpdates\");\n\n var userUpdatesQueue = new Aws.Sqs.Queue(\"userUpdatesQueue\");\n\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"userUpdatesSqsTarget\", new()\n {\n Topic = userUpdates.Arn,\n Protocol = \"sqs\",\n Endpoint = userUpdatesQueue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuserUpdates, err := sns.NewTopic(ctx, \"userUpdates\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserUpdatesQueue, err := sqs.NewQueue(ctx, \"userUpdatesQueue\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"userUpdatesSqsTarget\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: userUpdates.Arn,\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: userUpdatesQueue.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdates = new Topic(\"userUpdates\");\n\n var userUpdatesQueue = new Queue(\"userUpdatesQueue\");\n\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder() \n .topic(userUpdates.arn())\n .protocol(\"sqs\")\n .endpoint(userUpdatesQueue.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdates:\n type: aws:sns:Topic\n userUpdatesQueue:\n type: aws:sqs:Queue\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${userUpdates.arn}\n protocol: sqs\n endpoint: ${userUpdatesQueue.arn}\n```\n\nYou can subscribe SNS topics to SQS queues in different Amazon accounts and regions:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst sns = config.getObject\u003c{account-id?: string, display_name?: string, name?: string, region?: string, role-name?: string}\u003e(\"sns\") || {\n \"account-id\": \"111111111111\",\n \"role-name\": \"service/service\",\n name: \"example-sns-topic\",\n display_name: \"example\",\n region: \"us-west-1\",\n};\nconst sqs = config.getObject\u003c{account-id?: string, name?: string, region?: string, role-name?: string}\u003e(\"sqs\") || {\n \"account-id\": \"222222222222\",\n \"role-name\": \"service/service\",\n name: \"example-sqs-queue\",\n region: \"us-east-1\",\n};\nconst sns-topic-policy = aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [sns[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__default_statement_ID\",\n },\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions: [{\n test: \"StringLike\",\n variable: \"SNS:Endpoint\",\n values: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__console_sub_0\",\n },\n ],\n});\nconst sqs-queue-policy = aws.iam.getPolicyDocument({\n policyId: `arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}/SQSDefaultPolicy`,\n statements: [{\n sid: \"example-sns-topic\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n actions: [\"SQS:SendMessage\"],\n resources: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n }],\n }],\n});\n// provider to manage SNS topics\nconst awsSns = new aws.Provider(\"awsSns\", {\n region: sns.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sns[\"account-id\"]}:role/${sns[\"role-name\"]}`,\n sessionName: `sns-${sns.region}`,\n },\n});\n// provider to manage SQS queues\nconst awsSqs = new aws.Provider(\"awsSqs\", {\n region: sqs.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sqs[\"account-id\"]}:role/${sqs[\"role-name\"]}`,\n sessionName: `sqs-${sqs.region}`,\n },\n});\n// provider to subscribe SQS to SNS (using the SQS account but the SNS region)\nconst sns2sqs = new aws.Provider(\"sns2sqs\", {\n region: sns.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sqs[\"account-id\"]}:role/${sqs[\"role-name\"]}`,\n sessionName: `sns2sqs-${sns.region}`,\n },\n});\nconst sns_topicTopic = new aws.sns.Topic(\"sns-topicTopic\", {\n displayName: sns.display_name,\n policy: sns_topic_policy.then(sns_topic_policy =\u003e sns_topic_policy.json),\n}, {\n provider: aws.sns,\n});\nconst sqs_queue = new aws.sqs.Queue(\"sqs-queue\", {policy: sqs_queue_policy.then(sqs_queue_policy =\u003e sqs_queue_policy.json)}, {\n provider: aws.sqs,\n});\nconst sns_topicTopicSubscription = new aws.sns.TopicSubscription(\"sns-topicTopicSubscription\", {\n topic: sns_topicTopic.arn,\n protocol: \"sqs\",\n endpoint: sqs_queue.arn,\n}, {\n provider: aws.sns2sqs,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsns = config.get_object(\"sns\")\nif sns is None:\n sns = {\n \"account-id\": \"111111111111\",\n \"role-name\": \"service/service\",\n \"name\": \"example-sns-topic\",\n \"display_name\": \"example\",\n \"region\": \"us-west-1\",\n }\nsqs = config.get_object(\"sqs\")\nif sqs is None:\n sqs = {\n \"account-id\": \"222222222222\",\n \"role-name\": \"service/service\",\n \"name\": \"example-sqs-queue\",\n \"region\": \"us-east-1\",\n }\nsns_topic_policy = aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"AWS:SourceOwner\",\n values=[sns[\"account-id\"]],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__default_statement_ID\",\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"SNS:Endpoint\",\n values=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__console_sub_0\",\n ),\n ])\nsqs_queue_policy = aws.iam.get_policy_document(policy_id=f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}/SQSDefaultPolicy\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"example-sns-topic\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n actions=[\"SQS:SendMessage\"],\n resources=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n )],\n )])\n# provider to manage SNS topics\naws_sns = aws.Provider(\"awsSns\",\n region=sns[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sns['account-id']}:role/{sns['role-name']}\",\n session_name=f\"sns-{sns['region']}\",\n ))\n# provider to manage SQS queues\naws_sqs = aws.Provider(\"awsSqs\",\n region=sqs[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sqs['account-id']}:role/{sqs['role-name']}\",\n session_name=f\"sqs-{sqs['region']}\",\n ))\n# provider to subscribe SQS to SNS (using the SQS account but the SNS region)\nsns2sqs = aws.Provider(\"sns2sqs\",\n region=sns[\"region\"],\n assume_role=aws.ProviderAssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sqs['account-id']}:role/{sqs['role-name']}\",\n session_name=f\"sns2sqs-{sns['region']}\",\n ))\nsns_topic_topic = aws.sns.Topic(\"sns-topicTopic\",\n display_name=sns[\"display_name\"],\n policy=sns_topic_policy.json,\n opts=pulumi.ResourceOptions(provider=aws[\"sns\"]))\nsqs_queue = aws.sqs.Queue(\"sqs-queue\", policy=sqs_queue_policy.json,\nopts=pulumi.ResourceOptions(provider=aws[\"sqs\"]))\nsns_topic_topic_subscription = aws.sns.TopicSubscription(\"sns-topicTopicSubscription\",\n topic=sns_topic_topic.arn,\n protocol=\"sqs\",\n endpoint=sqs_queue.arn,\n opts=pulumi.ResourceOptions(provider=aws[\"sns2sqs\"]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var sns = config.GetObject\u003cSns\u003e(\"sns\") ?? \n {\n { \"account-id\", \"111111111111\" },\n { \"role-name\", \"service/service\" },\n { \"name\", \"example-sns-topic\" },\n { \"display_name\", \"example\" },\n { \"region\", \"us-west-1\" },\n };\n var sqs = config.GetObject\u003cSqs\u003e(\"sqs\") ?? \n {\n { \"account-id\", \"222222222222\" },\n { \"role-name\", \"service/service\" },\n { \"name\", \"example-sqs-queue\" },\n { \"region\", \"us-east-1\" },\n };\n var sns_topic_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = new[]\n {\n sns.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__default_statement_ID\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"SNS:Endpoint\",\n Values = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__console_sub_0\",\n },\n },\n });\n\n var sqs_queue_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}/SQSDefaultPolicy\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"example-sns-topic\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"SQS:SendMessage\",\n },\n Resources = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n },\n },\n },\n },\n });\n\n // provider to manage SNS topics\n var awsSns = new Aws.Provider(\"awsSns\", new()\n {\n Region = sns.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sns.Account_id}:role/{sns.Role_name}\",\n SessionName = $\"sns-{sns.Region}\",\n },\n });\n\n // provider to manage SQS queues\n var awsSqs = new Aws.Provider(\"awsSqs\", new()\n {\n Region = sqs.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sqs.Account_id}:role/{sqs.Role_name}\",\n SessionName = $\"sqs-{sqs.Region}\",\n },\n });\n\n // provider to subscribe SQS to SNS (using the SQS account but the SNS region)\n var sns2sqs = new Aws.Provider(\"sns2sqs\", new()\n {\n Region = sns.Region,\n AssumeRole = new Aws.Inputs.ProviderAssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sqs.Account_id}:role/{sqs.Role_name}\",\n SessionName = $\"sns2sqs-{sns.Region}\",\n },\n });\n\n var sns_topicTopic = new Aws.Sns.Topic(\"sns-topicTopic\", new()\n {\n DisplayName = sns.Display_name,\n Policy = sns_topic_policy.Apply(sns_topic_policy =\u003e sns_topic_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n }, new CustomResourceOptions\n {\n Provider = aws.Sns,\n });\n\n var sqs_queue = new Aws.Sqs.Queue(\"sqs-queue\", new()\n {\n Policy = sqs_queue_policy.Apply(sqs_queue_policy =\u003e sqs_queue_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n }, new CustomResourceOptions\n {\n Provider = aws.Sqs,\n });\n\n var sns_topicTopicSubscription = new Aws.Sns.TopicSubscription(\"sns-topicTopicSubscription\", new()\n {\n Topic = sns_topicTopic.Arn,\n Protocol = \"sqs\",\n Endpoint = sqs_queue.Arn,\n }, new CustomResourceOptions\n {\n Provider = aws.Sns2sqs,\n });\n\n});\n\npublic class Sns\n{\n public string account-id { get; set; }\n public string display_name { get; set; }\n public string name { get; set; }\n public string region { get; set; }\n public string role-name { get; set; }\n}\n\npublic class Sqs\n{\n public string account-id { get; set; }\n public string name { get; set; }\n public string region { get; set; }\n public string role-name { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nsns := map[string]interface{}{\n\"account-id\": \"111111111111\",\n\"role-name\": \"service/service\",\n\"name\": \"example-sns-topic\",\n\"display_name\": \"example\",\n\"region\": \"us-west-1\",\n};\nif param := cfg.GetObject(\"sns\"); param != nil {\nsns = param\n}\nsqs := map[string]interface{}{\n\"account-id\": \"222222222222\",\n\"role-name\": \"service/service\",\n\"name\": \"example-sqs-queue\",\n\"region\": \"us-east-1\",\n};\nif param := cfg.GetObject(\"sqs\"); param != nil {\nsqs = param\n}\nsns_topic_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(\"__default_policy_ID\"),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:SetTopicAttributes\",\n\"SNS:RemovePermission\",\n\"SNS:Publish\",\n\"SNS:ListSubscriptionsByTopic\",\n\"SNS:GetTopicAttributes\",\n\"SNS:DeleteTopic\",\n\"SNS:AddPermission\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"AWS:SourceOwner\",\nValues: interface{}{\nsns.AccountId,\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__default_statement_ID\"),\n},\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:Receive\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringLike\",\nVariable: \"SNS:Endpoint\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__console_sub_0\"),\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsqs_queue_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(fmt.Sprintf(\"arn:aws:sqs:%v:%v:%v/SQSDefaultPolicy\", sqs.Region, sqs.AccountId, sqs.Name)),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"example-sns-topic\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"SQS:SendMessage\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"ArnEquals\",\nVariable: \"aws:SourceArn\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n// provider to manage SNS topics\n_, err = aws.NewProvider(ctx, \"awsSns\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sns.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sns.AccountId, sns.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sns-%v\", sns.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n// provider to manage SQS queues\n_, err = aws.NewProvider(ctx, \"awsSqs\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sqs.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sqs.AccountId, sqs.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sqs-%v\", sqs.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n// provider to subscribe SQS to SNS (using the SQS account but the SNS region)\n_, err = aws.NewProvider(ctx, \"sns2sqs\", \u0026aws.ProviderArgs{\nRegion: *pulumi.String(sns.Region),\nAssumeRole: \u0026aws.ProviderAssumeRoleArgs{\nRoleArn: pulumi.String(fmt.Sprintf(\"arn:aws:iam::%v:role/%v\", sqs.AccountId, sqs.RoleName)),\nSessionName: pulumi.String(fmt.Sprintf(\"sns2sqs-%v\", sns.Region)),\n},\n})\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopic(ctx, \"sns-topicTopic\", \u0026sns.TopicArgs{\nDisplayName: *pulumi.String(sns.Display_name),\nPolicy: *pulumi.String(sns_topic_policy.Json),\n}, pulumi.Provider(aws.Sns))\nif err != nil {\nreturn err\n}\n_, err = sqs.NewQueue(ctx, \"sqs-queue\", \u0026sqs.QueueArgs{\nPolicy: *pulumi.String(sqs_queue_policy.Json),\n}, pulumi.Provider(aws.Sqs))\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopicSubscription(ctx, \"sns-topicTopicSubscription\", \u0026sns.TopicSubscriptionArgs{\nTopic: sns_topicTopic.Arn,\nProtocol: pulumi.String(\"sqs\"),\nEndpoint: sqs_queue.Arn,\n}, pulumi.Provider(aws.Sns2sqs))\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.Provider;\nimport com.pulumi.aws.ProviderArgs;\nimport com.pulumi.aws.inputs.ProviderAssumeRoleArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var sns = config.get(\"sns\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sqs = config.get(\"sqs\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sns-topic-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"AWS:SourceOwner\")\n .values(sns.account-id())\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__default_statement_ID\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:Receive\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"SNS:Endpoint\")\n .values(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__console_sub_0\")\n .build())\n .build());\n\n final var sqs-queue-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(String.format(\"arn:aws:sqs:%s:%s:%s/SQSDefaultPolicy\", sqs.region(),sqs.account-id(),sqs.name()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"example-sns-topic\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .actions(\"SQS:SendMessage\")\n .resources(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .build())\n .build())\n .build());\n\n var awsSns = new Provider(\"awsSns\", ProviderArgs.builder() \n .region(sns.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sns.account-id(),sns.role-name()))\n .sessionName(String.format(\"sns-%s\", sns.region()))\n .build())\n .build());\n\n var awsSqs = new Provider(\"awsSqs\", ProviderArgs.builder() \n .region(sqs.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sqs.account-id(),sqs.role-name()))\n .sessionName(String.format(\"sqs-%s\", sqs.region()))\n .build())\n .build());\n\n var sns2sqs = new Provider(\"sns2sqs\", ProviderArgs.builder() \n .region(sns.region())\n .assumeRole(ProviderAssumeRoleArgs.builder()\n .roleArn(String.format(\"arn:aws:iam::%s:role/%s\", sqs.account-id(),sqs.role-name()))\n .sessionName(String.format(\"sns2sqs-%s\", sns.region()))\n .build())\n .build());\n\n var sns_topicTopic = new Topic(\"sns-topicTopic\", TopicArgs.builder() \n .displayName(sns.display_name())\n .policy(sns_topic_policy.json())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sns())\n .build());\n\n var sqs_queue = new Queue(\"sqs-queue\", QueueArgs.builder() \n .policy(sqs_queue_policy.json())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sqs())\n .build());\n\n var sns_topicTopicSubscription = new TopicSubscription(\"sns-topicTopicSubscription\", TopicSubscriptionArgs.builder() \n .topic(sns_topicTopic.arn())\n .protocol(\"sqs\")\n .endpoint(sqs_queue.arn())\n .build(), CustomResourceOptions.builder()\n .provider(aws.sns2sqs())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n sns:\n type: object({account-id = union(none, string), display_name = union(none, string), name = union(none, string), region = union(none, string), role-name = union(none, string)})\n default:\n account-id: '111111111111'\n role-name: service/service\n name: example-sns-topic\n display_name: example\n region: us-west-1\n sqs:\n type: object({account-id = union(none, string), name = union(none, string), region = union(none, string), role-name = union(none, string)})\n default:\n account-id: '222222222222'\n role-name: service/service\n name: example-sqs-queue\n region: us-east-1\nresources:\n # provider to manage SNS topics\n awsSns:\n type: pulumi:providers:aws\n properties:\n region: ${sns.region}\n assumeRole:\n roleArn: arn:aws:iam::${sns\"account-id\"[%!s(MISSING)]}:role/${sns\"role-name\"[%!s(MISSING)]}\n sessionName: sns-${sns.region}\n # provider to manage SQS queues\n awsSqs:\n type: pulumi:providers:aws\n properties:\n region: ${sqs.region}\n assumeRole:\n roleArn: arn:aws:iam::${sqs\"account-id\"[%!s(MISSING)]}:role/${sqs\"role-name\"[%!s(MISSING)]}\n sessionName: sqs-${sqs.region}\n # provider to subscribe SQS to SNS (using the SQS account but the SNS region)\n sns2sqs:\n type: pulumi:providers:aws\n properties:\n region: ${sns.region}\n assumeRole:\n roleArn: arn:aws:iam::${sqs\"account-id\"[%!s(MISSING)]}:role/${sqs\"role-name\"[%!s(MISSING)]}\n sessionName: sns2sqs-${sns.region}\n sns-topicTopic:\n type: aws:sns:Topic\n properties:\n displayName: ${sns.display_name}\n policy: ${[\"sns-topic-policy\"].json}\n options:\n provider: ${aws.sns}\n sqs-queue:\n type: aws:sqs:Queue\n properties:\n policy: ${[\"sqs-queue-policy\"].json}\n options:\n provider: ${aws.sqs}\n sns-topicTopicSubscription:\n type: aws:sns:TopicSubscription\n properties:\n topic: ${[\"sns-topicTopic\"].arn}\n protocol: sqs\n endpoint: ${[\"sqs-queue\"].arn}\n options:\n provider: ${aws.sns2sqs}\nvariables:\n sns-topic-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Subscribe\n - SNS:SetTopicAttributes\n - SNS:RemovePermission\n - SNS:Publish\n - SNS:ListSubscriptionsByTopic\n - SNS:GetTopicAttributes\n - SNS:DeleteTopic\n - SNS:AddPermission\n conditions:\n - test: StringEquals\n variable: AWS:SourceOwner\n values:\n - ${sns\"account-id\"[%!s(MISSING)]}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __default_statement_ID\n - actions:\n - SNS:Subscribe\n - SNS:Receive\n conditions:\n - test: StringLike\n variable: SNS:Endpoint\n values:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __console_sub_0\n sqs-queue-policy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n policyId: arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}/SQSDefaultPolicy\n statements:\n - sid: example-sns-topic\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n actions:\n - SQS:SendMessage\n resources:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import SNS Topic Subscriptions using the subscription `arn`. For example:\n\n```sh\n $ pulumi import aws:sns/topicSubscription:TopicSubscription user_updates_sqs_target arn:aws:sns:us-west-2:0123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f\n```\n ", "properties": { "arn": { "type": "string", @@ -342377,7 +342377,7 @@ } }, "aws:wafregional/webAcl:WebAcl": { - "description": "Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Regular Rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n}]});\nconst wafrule = new aws.wafregional.Rule(\"wafrule\", {\n metricName: \"tfWAFRule\",\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n});\nconst wafacl = new aws.wafregional.WebAcl(\"wafacl\", {\n metricName: \"tfWebACL\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n action: {\n type: \"BLOCK\",\n },\n priority: 1,\n ruleId: wafrule.id,\n type: \"REGULAR\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.wafregional.IpSet(\"ipset\", ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n)])\nwafrule = aws.wafregional.Rule(\"wafrule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.wafregional.RulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )])\nwafacl = aws.wafregional.WebAcl(\"wafacl\",\n metric_name=\"tfWebACL\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n action=aws.wafregional.WebAclRuleActionArgs(\n type=\"BLOCK\",\n ),\n priority=1,\n rule_id=wafrule.id,\n type=\"REGULAR\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new()\n {\n IpSetDescriptors = new[]\n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n\n var wafrule = new Aws.WafRegional.Rule(\"wafrule\", new()\n {\n MetricName = \"tfWAFRule\",\n Predicates = new[]\n {\n new Aws.WafRegional.Inputs.RulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n });\n\n var wafacl = new Aws.WafRegional.WebAcl(\"wafacl\", new()\n {\n MetricName = \"tfWebACL\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs\n {\n Type = \"BLOCK\",\n },\n Priority = 1,\n RuleId = wafrule.Id,\n Type = \"REGULAR\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := wafregional.NewIpSet(ctx, \"ipset\", \u0026wafregional.IpSetArgs{\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t\u0026wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twafrule, err := wafregional.NewRule(ctx, \"wafrule\", \u0026wafregional.RuleArgs{\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: wafregional.RulePredicateArray{\n\t\t\t\t\u0026wafregional.RulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAcl(ctx, \"wafacl\", \u0026wafregional.WebAclArgs{\n\t\t\tMetricName: pulumi.String(\"tfWebACL\"),\n\t\t\tDefaultAction: \u0026wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tAction: \u0026wafregional.WebAclRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BLOCK\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: wafrule.ID(),\n\t\t\t\t\tType: pulumi.String(\"REGULAR\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.IpSet;\nimport com.pulumi.aws.wafregional.IpSetArgs;\nimport com.pulumi.aws.wafregional.inputs.IpSetIpSetDescriptorArgs;\nimport com.pulumi.aws.wafregional.Rule;\nimport com.pulumi.aws.wafregional.RuleArgs;\nimport com.pulumi.aws.wafregional.inputs.RulePredicateArgs;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ipset = new IpSet(\"ipset\", IpSetArgs.builder() \n .ipSetDescriptors(IpSetIpSetDescriptorArgs.builder()\n .type(\"IPV4\")\n .value(\"192.0.7.0/24\")\n .build())\n .build());\n\n var wafrule = new Rule(\"wafrule\", RuleArgs.builder() \n .metricName(\"tfWAFRule\")\n .predicates(RulePredicateArgs.builder()\n .dataId(ipset.id())\n .negated(false)\n .type(\"IPMatch\")\n .build())\n .build());\n\n var wafacl = new WebAcl(\"wafacl\", WebAclArgs.builder() \n .metricName(\"tfWebACL\")\n .defaultAction(WebAclDefaultActionArgs.builder()\n .type(\"ALLOW\")\n .build())\n .rules(WebAclRuleArgs.builder()\n .action(WebAclRuleActionArgs.builder()\n .type(\"BLOCK\")\n .build())\n .priority(1)\n .ruleId(wafrule.id())\n .type(\"REGULAR\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ipset:\n type: aws:wafregional:IpSet\n properties:\n ipSetDescriptors:\n - type: IPV4\n value: 192.0.7.0/24\n wafrule:\n type: aws:wafregional:Rule\n properties:\n metricName: tfWAFRule\n predicates:\n - dataId: ${ipset.id}\n negated: false\n type: IPMatch\n wafacl:\n type: aws:wafregional:WebAcl\n properties:\n metricName: tfWebACL\n defaultAction:\n type: ALLOW\n rules:\n - action:\n type: BLOCK\n priority: 1\n ruleId: ${wafrule.id}\n type: REGULAR\n```\n{{% /example %}}\n{{% example %}}\n### Group Rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafregional.WebAcl(\"example\", {\n metricName: \"example\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n priority: 1,\n ruleId: aws_wafregional_rule_group.example.id,\n type: \"GROUP\",\n overrideAction: {\n type: \"NONE\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafregional.WebAcl(\"example\",\n metric_name=\"example\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n priority=1,\n rule_id=aws_wafregional_rule_group[\"example\"][\"id\"],\n type=\"GROUP\",\n override_action=aws.wafregional.WebAclRuleOverrideActionArgs(\n type=\"NONE\",\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.WafRegional.WebAcl(\"example\", new()\n {\n MetricName = \"example\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = aws_wafregional_rule_group.Example.Id,\n Type = \"GROUP\",\n OverrideAction = new Aws.WafRegional.Inputs.WebAclRuleOverrideActionArgs\n {\n Type = \"NONE\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewWebAcl(ctx, \"example\", \u0026wafregional.WebAclArgs{\n\t\t\tMetricName: pulumi.String(\"example\"),\n\t\t\tDefaultAction: \u0026wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: pulumi.Any(aws_wafregional_rule_group.Example.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t\tOverrideAction: \u0026wafregional.WebAclRuleOverrideActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"NONE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleOverrideActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new WebAcl(\"example\", WebAclArgs.builder() \n .metricName(\"example\")\n .defaultAction(WebAclDefaultActionArgs.builder()\n .type(\"ALLOW\")\n .build())\n .rules(WebAclRuleArgs.builder()\n .priority(1)\n .ruleId(aws_wafregional_rule_group.example().id())\n .type(\"GROUP\")\n .overrideAction(WebAclRuleOverrideActionArgs.builder()\n .type(\"NONE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:wafregional:WebAcl\n properties:\n metricName: example\n defaultAction:\n type: ALLOW\n rules:\n - priority: 1\n ruleId: ${aws_wafregional_rule_group.example.id}\n type: GROUP\n overrideAction:\n type: NONE\n```\n{{% /example %}}\n{{% example %}}\n### Logging\n\n\u003e *NOTE:* The Kinesis Firehose Delivery Stream name must begin with `aws-waf-logs-`. See the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) for more information about enabling WAF logging.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.wafregional.WebAcl(\"example\", {loggingConfiguration: {\n logDestination: aws_kinesis_firehose_delivery_stream.example.arn,\n redactedFields: {\n fieldToMatches: [\n {\n type: \"URI\",\n },\n {\n data: \"referer\",\n type: \"HEADER\",\n },\n ],\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.wafregional.WebAcl(\"example\", logging_configuration=aws.wafregional.WebAclLoggingConfigurationArgs(\n log_destination=aws_kinesis_firehose_delivery_stream[\"example\"][\"arn\"],\n redacted_fields=aws.wafregional.WebAclLoggingConfigurationRedactedFieldsArgs(\n field_to_matches=[\n aws.wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(\n type=\"URI\",\n ),\n aws.wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(\n data=\"referer\",\n type=\"HEADER\",\n ),\n ],\n ),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var example = new Aws.WafRegional.WebAcl(\"example\", new()\n {\n LoggingConfiguration = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationArgs\n {\n LogDestination = aws_kinesis_firehose_delivery_stream.Example.Arn,\n RedactedFields = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsArgs\n {\n FieldToMatches = new[]\n {\n new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs\n {\n Type = \"URI\",\n },\n new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs\n {\n Data = \"referer\",\n Type = \"HEADER\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewWebAcl(ctx, \"example\", \u0026wafregional.WebAclArgs{\n\t\t\tLoggingConfiguration: \u0026wafregional.WebAclLoggingConfigurationArgs{\n\t\t\t\tLogDestination: pulumi.Any(aws_kinesis_firehose_delivery_stream.Example.Arn),\n\t\t\t\tRedactedFields: \u0026wafregional.WebAclLoggingConfigurationRedactedFieldsArgs{\n\t\t\t\t\tFieldToMatches: wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArray{\n\t\t\t\t\t\t\u0026wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"URI\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{\n\t\t\t\t\t\t\tData: pulumi.String(\"referer\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"HEADER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclLoggingConfigurationArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclLoggingConfigurationRedactedFieldsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new WebAcl(\"example\", WebAclArgs.builder() \n .loggingConfiguration(WebAclLoggingConfigurationArgs.builder()\n .logDestination(aws_kinesis_firehose_delivery_stream.example().arn())\n .redactedFields(WebAclLoggingConfigurationRedactedFieldsArgs.builder()\n .fieldToMatches( \n WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()\n .type(\"URI\")\n .build(),\n WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()\n .data(\"referer\")\n .type(\"HEADER\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:wafregional:WebAcl\n properties:\n loggingConfiguration:\n logDestination: ${aws_kinesis_firehose_delivery_stream.example.arn}\n redactedFields:\n fieldToMatches:\n - type: URI\n - data: referer\n type: HEADER\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import WAF Regional Web ACL using the id. For example:\n\n```sh\n $ pulumi import aws:wafregional/webAcl:WebAcl wafacl a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n ", + "description": "Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Regular Rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n}]});\nconst wafrule = new aws.wafregional.Rule(\"wafrule\", {\n metricName: \"tfWAFRule\",\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n});\nconst wafacl = new aws.wafregional.WebAcl(\"wafacl\", {\n metricName: \"tfWebACL\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n action: {\n type: \"BLOCK\",\n },\n priority: 1,\n ruleId: wafrule.id,\n type: \"REGULAR\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.wafregional.IpSet(\"ipset\", ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n)])\nwafrule = aws.wafregional.Rule(\"wafrule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.wafregional.RulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )])\nwafacl = aws.wafregional.WebAcl(\"wafacl\",\n metric_name=\"tfWebACL\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n action=aws.wafregional.WebAclRuleActionArgs(\n type=\"BLOCK\",\n ),\n priority=1,\n rule_id=wafrule.id,\n type=\"REGULAR\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new()\n {\n IpSetDescriptors = new[]\n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n\n var wafrule = new Aws.WafRegional.Rule(\"wafrule\", new()\n {\n MetricName = \"tfWAFRule\",\n Predicates = new[]\n {\n new Aws.WafRegional.Inputs.RulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n });\n\n var wafacl = new Aws.WafRegional.WebAcl(\"wafacl\", new()\n {\n MetricName = \"tfWebACL\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs\n {\n Type = \"BLOCK\",\n },\n Priority = 1,\n RuleId = wafrule.Id,\n Type = \"REGULAR\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := wafregional.NewIpSet(ctx, \"ipset\", \u0026wafregional.IpSetArgs{\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t\u0026wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twafrule, err := wafregional.NewRule(ctx, \"wafrule\", \u0026wafregional.RuleArgs{\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: wafregional.RulePredicateArray{\n\t\t\t\t\u0026wafregional.RulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAcl(ctx, \"wafacl\", \u0026wafregional.WebAclArgs{\n\t\t\tMetricName: pulumi.String(\"tfWebACL\"),\n\t\t\tDefaultAction: \u0026wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tAction: \u0026wafregional.WebAclRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BLOCK\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: wafrule.ID(),\n\t\t\t\t\tType: pulumi.String(\"REGULAR\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.IpSet;\nimport com.pulumi.aws.wafregional.IpSetArgs;\nimport com.pulumi.aws.wafregional.inputs.IpSetIpSetDescriptorArgs;\nimport com.pulumi.aws.wafregional.Rule;\nimport com.pulumi.aws.wafregional.RuleArgs;\nimport com.pulumi.aws.wafregional.inputs.RulePredicateArgs;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var ipset = new IpSet(\"ipset\", IpSetArgs.builder() \n .ipSetDescriptors(IpSetIpSetDescriptorArgs.builder()\n .type(\"IPV4\")\n .value(\"192.0.7.0/24\")\n .build())\n .build());\n\n var wafrule = new Rule(\"wafrule\", RuleArgs.builder() \n .metricName(\"tfWAFRule\")\n .predicates(RulePredicateArgs.builder()\n .dataId(ipset.id())\n .negated(false)\n .type(\"IPMatch\")\n .build())\n .build());\n\n var wafacl = new WebAcl(\"wafacl\", WebAclArgs.builder() \n .metricName(\"tfWebACL\")\n .defaultAction(WebAclDefaultActionArgs.builder()\n .type(\"ALLOW\")\n .build())\n .rules(WebAclRuleArgs.builder()\n .action(WebAclRuleActionArgs.builder()\n .type(\"BLOCK\")\n .build())\n .priority(1)\n .ruleId(wafrule.id())\n .type(\"REGULAR\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n ipset:\n type: aws:wafregional:IpSet\n properties:\n ipSetDescriptors:\n - type: IPV4\n value: 192.0.7.0/24\n wafrule:\n type: aws:wafregional:Rule\n properties:\n metricName: tfWAFRule\n predicates:\n - dataId: ${ipset.id}\n negated: false\n type: IPMatch\n wafacl:\n type: aws:wafregional:WebAcl\n properties:\n metricName: tfWebACL\n defaultAction:\n type: ALLOW\n rules:\n - action:\n type: BLOCK\n priority: 1\n ruleId: ${wafrule.id}\n type: REGULAR\n```\n{{% /example %}}\n{{% example %}}\n### Group Rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafregional.WebAcl(\"example\", {\n metricName: \"example\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n priority: 1,\n ruleId: aws_wafregional_rule_group.example.id,\n type: \"GROUP\",\n overrideAction: {\n type: \"NONE\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafregional.WebAcl(\"example\",\n metric_name=\"example\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n priority=1,\n rule_id=aws_wafregional_rule_group[\"example\"][\"id\"],\n type=\"GROUP\",\n override_action=aws.wafregional.WebAclRuleOverrideActionArgs(\n type=\"NONE\",\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.WafRegional.WebAcl(\"example\", new()\n {\n MetricName = \"example\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = aws_wafregional_rule_group.Example.Id,\n Type = \"GROUP\",\n OverrideAction = new Aws.WafRegional.Inputs.WebAclRuleOverrideActionArgs\n {\n Type = \"NONE\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewWebAcl(ctx, \"example\", \u0026wafregional.WebAclArgs{\n\t\t\tMetricName: pulumi.String(\"example\"),\n\t\t\tDefaultAction: \u0026wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: pulumi.Any(aws_wafregional_rule_group.Example.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t\tOverrideAction: \u0026wafregional.WebAclRuleOverrideActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"NONE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclDefaultActionArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleOverrideActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new WebAcl(\"example\", WebAclArgs.builder() \n .metricName(\"example\")\n .defaultAction(WebAclDefaultActionArgs.builder()\n .type(\"ALLOW\")\n .build())\n .rules(WebAclRuleArgs.builder()\n .priority(1)\n .ruleId(aws_wafregional_rule_group.example().id())\n .type(\"GROUP\")\n .overrideAction(WebAclRuleOverrideActionArgs.builder()\n .type(\"NONE\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:wafregional:WebAcl\n properties:\n metricName: example\n defaultAction:\n type: ALLOW\n rules:\n - priority: 1\n ruleId: ${aws_wafregional_rule_group.example.id}\n type: GROUP\n overrideAction:\n type: NONE\n```\n{{% /example %}}\n{{% example %}}\n### Logging\n\n\u003e *NOTE:* The Kinesis Firehose Delivery Stream name must begin with `aws-waf-logs-`. See the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) for more information about enabling WAF logging.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.wafregional.WebAcl(\"example\", {loggingConfiguration: {\n logDestination: aws_kinesis_firehose_delivery_stream.example.arn,\n redactedFields: {\n fieldToMatches: [\n {\n type: \"URI\",\n },\n {\n data: \"referer\",\n type: \"HEADER\",\n },\n ],\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.wafregional.WebAcl(\"example\", logging_configuration=aws.wafregional.WebAclLoggingConfigurationArgs(\n log_destination=aws_kinesis_firehose_delivery_stream[\"example\"][\"arn\"],\n redacted_fields=aws.wafregional.WebAclLoggingConfigurationRedactedFieldsArgs(\n field_to_matches=[\n aws.wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(\n type=\"URI\",\n ),\n aws.wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(\n data=\"referer\",\n type=\"HEADER\",\n ),\n ],\n ),\n))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // ... other configuration ...\n var example = new Aws.WafRegional.WebAcl(\"example\", new()\n {\n LoggingConfiguration = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationArgs\n {\n LogDestination = aws_kinesis_firehose_delivery_stream.Example.Arn,\n RedactedFields = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsArgs\n {\n FieldToMatches = new[]\n {\n new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs\n {\n Type = \"URI\",\n },\n new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs\n {\n Data = \"referer\",\n Type = \"HEADER\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// ... other configuration ...\n\t\t_, err := wafregional.NewWebAcl(ctx, \"example\", \u0026wafregional.WebAclArgs{\n\t\t\tLoggingConfiguration: \u0026wafregional.WebAclLoggingConfigurationArgs{\n\t\t\t\tLogDestination: pulumi.Any(aws_kinesis_firehose_delivery_stream.Example.Arn),\n\t\t\t\tRedactedFields: \u0026wafregional.WebAclLoggingConfigurationRedactedFieldsArgs{\n\t\t\t\t\tFieldToMatches: wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArray{\n\t\t\t\t\t\t\u0026wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"URI\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{\n\t\t\t\t\t\t\tData: pulumi.String(\"referer\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"HEADER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclLoggingConfigurationArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclLoggingConfigurationRedactedFieldsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new WebAcl(\"example\", WebAclArgs.builder() \n .loggingConfiguration(WebAclLoggingConfigurationArgs.builder()\n .logDestination(aws_kinesis_firehose_delivery_stream.example().arn())\n .redactedFields(WebAclLoggingConfigurationRedactedFieldsArgs.builder()\n .fieldToMatches( \n WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()\n .type(\"URI\")\n .build(),\n WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs.builder()\n .data(\"referer\")\n .type(\"HEADER\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:wafregional:WebAcl\n properties:\n loggingConfiguration:\n logDestination: ${aws_kinesis_firehose_delivery_stream.example.arn}\n redactedFields:\n fieldToMatches:\n - type: URI\n - data: referer\n type: HEADER\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUsing `pulumi import`, import WAF Regional Web ACL using the id. For example:\n\n```sh\n $ pulumi import aws:wafregional/webAcl:WebAcl wafacl a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n ", "properties": { "arn": { "type": "string", @@ -359888,7 +359888,7 @@ } }, "aws:ec2/getVpcEndpointService:getVpcEndpointService": { - "description": "The VPC Endpoint Service data source details about a specific service that\ncan be specified when creating a VPC endpoint within the region configured in the provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### AWS Service\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = aws.ec2.getVpcEndpointService({\n service: \"s3\",\n serviceType: \"Gateway\",\n});\n// Create a VPC\nconst foo = new aws.ec2.Vpc(\"foo\", {cidrBlock: \"10.0.0.0/16\"});\n// Create a VPC endpoint\nconst ep = new aws.ec2.VpcEndpoint(\"ep\", {\n vpcId: foo.id,\n serviceName: s3.then(s3 =\u003e s3.serviceName),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.ec2.get_vpc_endpoint_service(service=\"s3\",\n service_type=\"Gateway\")\n# Create a VPC\nfoo = aws.ec2.Vpc(\"foo\", cidr_block=\"10.0.0.0/16\")\n# Create a VPC endpoint\nep = aws.ec2.VpcEndpoint(\"ep\",\n vpc_id=foo.id,\n service_name=s3.service_name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3 = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n Service = \"s3\",\n ServiceType = \"Gateway\",\n });\n\n // Create a VPC\n var foo = new Aws.Ec2.Vpc(\"foo\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n // Create a VPC endpoint\n var ep = new Aws.Ec2.VpcEndpoint(\"ep\", new()\n {\n VpcId = foo.Id,\n ServiceName = s3.Apply(getVpcEndpointServiceResult =\u003e getVpcEndpointServiceResult.ServiceName),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ts3, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tService: pulumi.StringRef(\"s3\"),\n\t\t\tServiceType: pulumi.StringRef(\"Gateway\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewVpc(ctx, \"foo\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpoint(ctx, \"ep\", \u0026ec2.VpcEndpointArgs{\n\t\t\tVpcId: foo.ID(),\n\t\t\tServiceName: *pulumi.String(s3.ServiceName),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3 = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .service(\"s3\")\n .serviceType(\"Gateway\")\n .build());\n\n var foo = new Vpc(\"foo\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var ep = new VpcEndpoint(\"ep\", VpcEndpointArgs.builder() \n .vpcId(foo.id())\n .serviceName(s3.applyValue(getVpcEndpointServiceResult -\u003e getVpcEndpointServiceResult.serviceName()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a VPC\n foo:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n # Create a VPC endpoint\n ep:\n type: aws:ec2:VpcEndpoint\n properties:\n vpcId: ${foo.id}\n serviceName: ${s3.serviceName}\nvariables:\n s3:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n service: s3\n serviceType: Gateway\n```\n{{% /example %}}\n{{% example %}}\n### Non-AWS Service\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst custome = aws.ec2.getVpcEndpointService({\n serviceName: \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncustome = aws.ec2.get_vpc_endpoint_service(service_name=\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var custome = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n ServiceName = \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tServiceName: pulumi.StringRef(\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custome = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .serviceName(\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n custome:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n serviceName: com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\n```\n{{% /example %}}\n{{% example %}}\n### Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getVpcEndpointService({\n filters: [{\n name: \"service-name\",\n values: [\"some-service\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_vpc_endpoint_service(filters=[aws.ec2.GetVpcEndpointServiceFilterArgs(\n name=\"service-name\",\n values=[\"some-service\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetVpcEndpointServiceFilterInputArgs\n {\n Name = \"service-name\",\n Values = new[]\n {\n \"some-service\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tFilters: []ec2.GetVpcEndpointServiceFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"service-name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"some-service\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .filters(GetVpcEndpointServiceFilterArgs.builder()\n .name(\"service-name\")\n .values(\"some-service\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n filters:\n - name: service-name\n values:\n - some-service\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "The VPC Endpoint Service data source details about a specific service that\ncan be specified when creating a VPC endpoint within the region configured in the provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### AWS Service\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = aws.ec2.getVpcEndpointService({\n service: \"s3\",\n serviceType: \"Gateway\",\n});\n// Create a VPC\nconst foo = new aws.ec2.Vpc(\"foo\", {cidrBlock: \"10.0.0.0/16\"});\n// Create a VPC endpoint\nconst ep = new aws.ec2.VpcEndpoint(\"ep\", {\n vpcId: foo.id,\n serviceName: s3.then(s3 =\u003e s3.serviceName),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.ec2.get_vpc_endpoint_service(service=\"s3\",\n service_type=\"Gateway\")\n# Create a VPC\nfoo = aws.ec2.Vpc(\"foo\", cidr_block=\"10.0.0.0/16\")\n# Create a VPC endpoint\nep = aws.ec2.VpcEndpoint(\"ep\",\n vpc_id=foo.id,\n service_name=s3.service_name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var s3 = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n Service = \"s3\",\n ServiceType = \"Gateway\",\n });\n\n // Create a VPC\n var foo = new Aws.Ec2.Vpc(\"foo\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n\n // Create a VPC endpoint\n var ep = new Aws.Ec2.VpcEndpoint(\"ep\", new()\n {\n VpcId = foo.Id,\n ServiceName = s3.Apply(getVpcEndpointServiceResult =\u003e getVpcEndpointServiceResult.ServiceName),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ts3, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tService: pulumi.StringRef(\"s3\"),\n\t\t\tServiceType: pulumi.StringRef(\"Gateway\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a VPC\n\t\tfoo, err := ec2.NewVpc(ctx, \"foo\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a VPC endpoint\n\t\t_, err = ec2.NewVpcEndpoint(ctx, \"ep\", \u0026ec2.VpcEndpointArgs{\n\t\t\tVpcId: foo.ID(),\n\t\t\tServiceName: *pulumi.String(s3.ServiceName),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.VpcEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var s3 = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .service(\"s3\")\n .serviceType(\"Gateway\")\n .build());\n\n var foo = new Vpc(\"foo\", VpcArgs.builder() \n .cidrBlock(\"10.0.0.0/16\")\n .build());\n\n var ep = new VpcEndpoint(\"ep\", VpcEndpointArgs.builder() \n .vpcId(foo.id())\n .serviceName(s3.applyValue(getVpcEndpointServiceResult -\u003e getVpcEndpointServiceResult.serviceName()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a VPC\n foo:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 10.0.0.0/16\n # Create a VPC endpoint\n ep:\n type: aws:ec2:VpcEndpoint\n properties:\n vpcId: ${foo.id}\n serviceName: ${s3.serviceName}\nvariables:\n s3:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n service: s3\n serviceType: Gateway\n```\n{{% /example %}}\n{{% example %}}\n### Non-AWS Service\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst custome = aws.ec2.getVpcEndpointService({\n serviceName: \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncustome = aws.ec2.get_vpc_endpoint_service(service_name=\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var custome = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n ServiceName = \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tServiceName: pulumi.StringRef(\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var custome = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .serviceName(\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n custome:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n serviceName: com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\n```\n{{% /example %}}\n{{% example %}}\n### Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getVpcEndpointService({\n filters: [{\n name: \"service-name\",\n values: [\"some-service\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_vpc_endpoint_service(filters=[aws.ec2.GetVpcEndpointServiceFilterArgs(\n name=\"service-name\",\n values=[\"some-service\"],\n)])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetVpcEndpointService.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetVpcEndpointServiceFilterInputArgs\n {\n Name = \"service-name\",\n Values = new[]\n {\n \"some-service\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupVpcEndpointService(ctx, \u0026ec2.LookupVpcEndpointServiceArgs{\n\t\t\tFilters: []ec2.GetVpcEndpointServiceFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"service-name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"some-service\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcEndpointServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getVpcEndpointService(GetVpcEndpointServiceArgs.builder()\n .filters(GetVpcEndpointServiceFilterArgs.builder()\n .name(\"service-name\")\n .values(\"some-service\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n Function: aws:ec2:getVpcEndpointService\n Arguments:\n filters:\n - name: service-name\n values:\n - some-service\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getVpcEndpointService.\n", "properties": { @@ -360511,7 +360511,7 @@ } }, "aws:ec2/getVpcPeeringConnection:getVpcPeeringConnection": { - "description": "The VPC Peering Connection data source provides details about\na specific VPC peering connection.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pc = aws.ec2.getVpcPeeringConnection({\n vpcId: aws_vpc.foo.id,\n peerCidrBlock: \"10.0.1.0/22\",\n});\n// Create a route table\nconst rt = new aws.ec2.RouteTable(\"rt\", {vpcId: aws_vpc.foo.id});\n// Create a route\nconst route = new aws.ec2.Route(\"route\", {\n routeTableId: rt.id,\n destinationCidrBlock: pc.then(pc =\u003e pc.peerCidrBlock),\n vpcPeeringConnectionId: pc.then(pc =\u003e pc.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npc = aws.ec2.get_vpc_peering_connection(vpc_id=aws_vpc[\"foo\"][\"id\"],\n peer_cidr_block=\"10.0.1.0/22\")\n# Create a route table\nrt = aws.ec2.RouteTable(\"rt\", vpc_id=aws_vpc[\"foo\"][\"id\"])\n# Create a route\nroute = aws.ec2.Route(\"route\",\n route_table_id=rt.id,\n destination_cidr_block=pc.peer_cidr_block,\n vpc_peering_connection_id=pc.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pc = Aws.Ec2.GetVpcPeeringConnection.Invoke(new()\n {\n VpcId = aws_vpc.Foo.Id,\n PeerCidrBlock = \"10.0.1.0/22\",\n });\n\n // Create a route table\n var rt = new Aws.Ec2.RouteTable(\"rt\", new()\n {\n VpcId = aws_vpc.Foo.Id,\n });\n\n // Create a route\n var route = new Aws.Ec2.Route(\"route\", new()\n {\n RouteTableId = rt.Id,\n DestinationCidrBlock = pc.Apply(getVpcPeeringConnectionResult =\u003e getVpcPeeringConnectionResult.PeerCidrBlock),\n VpcPeeringConnectionId = pc.Apply(getVpcPeeringConnectionResult =\u003e getVpcPeeringConnectionResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpc, err := ec2.LookupVpcPeeringConnection(ctx, \u0026ec2.LookupVpcPeeringConnectionArgs{\n\t\t\tVpcId: pulumi.StringRef(aws_vpc.Foo.Id),\n\t\t\tPeerCidrBlock: pulumi.StringRef(\"10.0.1.0/22\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trt, err := ec2.NewRouteTable(ctx, \"rt\", \u0026ec2.RouteTableArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewRoute(ctx, \"route\", \u0026ec2.RouteArgs{\n\t\t\tRouteTableId: rt.ID(),\n\t\t\tDestinationCidrBlock: *pulumi.String(pc.PeerCidrBlock),\n\t\t\tVpcPeeringConnectionId: *pulumi.String(pc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.RouteTable;\nimport com.pulumi.aws.ec2.RouteTableArgs;\nimport com.pulumi.aws.ec2.Route;\nimport com.pulumi.aws.ec2.RouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var pc = Ec2Functions.getVpcPeeringConnection(GetVpcPeeringConnectionArgs.builder()\n .vpcId(aws_vpc.foo().id())\n .peerCidrBlock(\"10.0.1.0/22\")\n .build());\n\n var rt = new RouteTable(\"rt\", RouteTableArgs.builder() \n .vpcId(aws_vpc.foo().id())\n .build());\n\n var route = new Route(\"route\", RouteArgs.builder() \n .routeTableId(rt.id())\n .destinationCidrBlock(pc.applyValue(getVpcPeeringConnectionResult -\u003e getVpcPeeringConnectionResult.peerCidrBlock()))\n .vpcPeeringConnectionId(pc.applyValue(getVpcPeeringConnectionResult -\u003e getVpcPeeringConnectionResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a route table\n rt:\n type: aws:ec2:RouteTable\n properties:\n vpcId: ${aws_vpc.foo.id}\n # Create a route\n route:\n type: aws:ec2:Route\n properties:\n routeTableId: ${rt.id}\n destinationCidrBlock: ${pc.peerCidrBlock}\n vpcPeeringConnectionId: ${pc.id}\nvariables:\n pc:\n fn::invoke:\n Function: aws:ec2:getVpcPeeringConnection\n Arguments:\n vpcId: ${aws_vpc.foo.id}\n peerCidrBlock: 10.0.1.0/22\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "The VPC Peering Connection data source provides details about\na specific VPC peering connection.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pc = aws.ec2.getVpcPeeringConnection({\n vpcId: aws_vpc.foo.id,\n peerCidrBlock: \"10.0.1.0/22\",\n});\n// Create a route table\nconst rt = new aws.ec2.RouteTable(\"rt\", {vpcId: aws_vpc.foo.id});\n// Create a route\nconst route = new aws.ec2.Route(\"route\", {\n routeTableId: rt.id,\n destinationCidrBlock: pc.then(pc =\u003e pc.peerCidrBlock),\n vpcPeeringConnectionId: pc.then(pc =\u003e pc.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npc = aws.ec2.get_vpc_peering_connection(vpc_id=aws_vpc[\"foo\"][\"id\"],\n peer_cidr_block=\"10.0.1.0/22\")\n# Create a route table\nrt = aws.ec2.RouteTable(\"rt\", vpc_id=aws_vpc[\"foo\"][\"id\"])\n# Create a route\nroute = aws.ec2.Route(\"route\",\n route_table_id=rt.id,\n destination_cidr_block=pc.peer_cidr_block,\n vpc_peering_connection_id=pc.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var pc = Aws.Ec2.GetVpcPeeringConnection.Invoke(new()\n {\n VpcId = aws_vpc.Foo.Id,\n PeerCidrBlock = \"10.0.1.0/22\",\n });\n\n // Create a route table\n var rt = new Aws.Ec2.RouteTable(\"rt\", new()\n {\n VpcId = aws_vpc.Foo.Id,\n });\n\n // Create a route\n var route = new Aws.Ec2.Route(\"route\", new()\n {\n RouteTableId = rt.Id,\n DestinationCidrBlock = pc.Apply(getVpcPeeringConnectionResult =\u003e getVpcPeeringConnectionResult.PeerCidrBlock),\n VpcPeeringConnectionId = pc.Apply(getVpcPeeringConnectionResult =\u003e getVpcPeeringConnectionResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpc, err := ec2.LookupVpcPeeringConnection(ctx, \u0026ec2.LookupVpcPeeringConnectionArgs{\n\t\t\tVpcId: pulumi.StringRef(aws_vpc.Foo.Id),\n\t\t\tPeerCidrBlock: pulumi.StringRef(\"10.0.1.0/22\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a route table\n\t\trt, err := ec2.NewRouteTable(ctx, \"rt\", \u0026ec2.RouteTableArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create a route\n\t\t_, err = ec2.NewRoute(ctx, \"route\", \u0026ec2.RouteArgs{\n\t\t\tRouteTableId: rt.ID(),\n\t\t\tDestinationCidrBlock: *pulumi.String(pc.PeerCidrBlock),\n\t\t\tVpcPeeringConnectionId: *pulumi.String(pc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetVpcPeeringConnectionArgs;\nimport com.pulumi.aws.ec2.RouteTable;\nimport com.pulumi.aws.ec2.RouteTableArgs;\nimport com.pulumi.aws.ec2.Route;\nimport com.pulumi.aws.ec2.RouteArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var pc = Ec2Functions.getVpcPeeringConnection(GetVpcPeeringConnectionArgs.builder()\n .vpcId(aws_vpc.foo().id())\n .peerCidrBlock(\"10.0.1.0/22\")\n .build());\n\n var rt = new RouteTable(\"rt\", RouteTableArgs.builder() \n .vpcId(aws_vpc.foo().id())\n .build());\n\n var route = new Route(\"route\", RouteArgs.builder() \n .routeTableId(rt.id())\n .destinationCidrBlock(pc.applyValue(getVpcPeeringConnectionResult -\u003e getVpcPeeringConnectionResult.peerCidrBlock()))\n .vpcPeeringConnectionId(pc.applyValue(getVpcPeeringConnectionResult -\u003e getVpcPeeringConnectionResult.id()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Create a route table\n rt:\n type: aws:ec2:RouteTable\n properties:\n vpcId: ${aws_vpc.foo.id}\n # Create a route\n route:\n type: aws:ec2:Route\n properties:\n routeTableId: ${rt.id}\n destinationCidrBlock: ${pc.peerCidrBlock}\n vpcPeeringConnectionId: ${pc.id}\nvariables:\n pc:\n fn::invoke:\n Function: aws:ec2:getVpcPeeringConnection\n Arguments:\n vpcId: ${aws_vpc.foo.id}\n peerCidrBlock: 10.0.1.0/22\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getVpcPeeringConnection.\n", "properties": { @@ -369707,7 +369707,7 @@ } }, "aws:inspector/getRulesPackages:getRulesPackages": { - "description": "The Amazon Inspector Classic Rules Packages data source allows access to the list of AWS\nInspector Rules Packages which can be used by Amazon Inspector Classic within the region\nconfigured in the provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst rules = aws.inspector.getRulesPackages({});\n// e.g., Use in aws_inspector_assessment_template\nconst group = new aws.inspector.ResourceGroup(\"group\", {tags: {\n test: \"test\",\n}});\nconst assessmentAssessmentTarget = new aws.inspector.AssessmentTarget(\"assessmentAssessmentTarget\", {resourceGroupArn: group.arn});\nconst assessmentAssessmentTemplate = new aws.inspector.AssessmentTemplate(\"assessmentAssessmentTemplate\", {\n targetArn: assessmentAssessmentTarget.arn,\n duration: 60,\n rulesPackageArns: rules.then(rules =\u003e rules.arns),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrules = aws.inspector.get_rules_packages()\n# e.g., Use in aws_inspector_assessment_template\ngroup = aws.inspector.ResourceGroup(\"group\", tags={\n \"test\": \"test\",\n})\nassessment_assessment_target = aws.inspector.AssessmentTarget(\"assessmentAssessmentTarget\", resource_group_arn=group.arn)\nassessment_assessment_template = aws.inspector.AssessmentTemplate(\"assessmentAssessmentTemplate\",\n target_arn=assessment_assessment_target.arn,\n duration=60,\n rules_package_arns=rules.arns)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var rules = Aws.Inspector.GetRulesPackages.Invoke();\n\n // e.g., Use in aws_inspector_assessment_template\n var @group = new Aws.Inspector.ResourceGroup(\"group\", new()\n {\n Tags = \n {\n { \"test\", \"test\" },\n },\n });\n\n var assessmentAssessmentTarget = new Aws.Inspector.AssessmentTarget(\"assessmentAssessmentTarget\", new()\n {\n ResourceGroupArn = @group.Arn,\n });\n\n var assessmentAssessmentTemplate = new Aws.Inspector.AssessmentTemplate(\"assessmentAssessmentTemplate\", new()\n {\n TargetArn = assessmentAssessmentTarget.Arn,\n Duration = 60,\n RulesPackageArns = rules.Apply(getRulesPackagesResult =\u003e getRulesPackagesResult.Arns),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/inspector\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trules, err := inspector.GetRulesPackages(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := inspector.NewResourceGroup(ctx, \"group\", \u0026inspector.ResourceGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"test\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassessmentAssessmentTarget, err := inspector.NewAssessmentTarget(ctx, \"assessmentAssessmentTarget\", \u0026inspector.AssessmentTargetArgs{\n\t\t\tResourceGroupArn: group.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = inspector.NewAssessmentTemplate(ctx, \"assessmentAssessmentTemplate\", \u0026inspector.AssessmentTemplateArgs{\n\t\t\tTargetArn: assessmentAssessmentTarget.Arn,\n\t\t\tDuration: pulumi.Int(60),\n\t\t\tRulesPackageArns: interface{}(rules.Arns),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.inspector.InspectorFunctions;\nimport com.pulumi.aws.inspector.ResourceGroup;\nimport com.pulumi.aws.inspector.ResourceGroupArgs;\nimport com.pulumi.aws.inspector.AssessmentTarget;\nimport com.pulumi.aws.inspector.AssessmentTargetArgs;\nimport com.pulumi.aws.inspector.AssessmentTemplate;\nimport com.pulumi.aws.inspector.AssessmentTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var rules = InspectorFunctions.getRulesPackages();\n\n var group = new ResourceGroup(\"group\", ResourceGroupArgs.builder() \n .tags(Map.of(\"test\", \"test\"))\n .build());\n\n var assessmentAssessmentTarget = new AssessmentTarget(\"assessmentAssessmentTarget\", AssessmentTargetArgs.builder() \n .resourceGroupArn(group.arn())\n .build());\n\n var assessmentAssessmentTemplate = new AssessmentTemplate(\"assessmentAssessmentTemplate\", AssessmentTemplateArgs.builder() \n .targetArn(assessmentAssessmentTarget.arn())\n .duration(\"60\")\n .rulesPackageArns(rules.applyValue(getRulesPackagesResult -\u003e getRulesPackagesResult.arns()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # e.g., Use in aws_inspector_assessment_template\n group:\n type: aws:inspector:ResourceGroup\n properties:\n tags:\n test: test\n assessmentAssessmentTarget:\n type: aws:inspector:AssessmentTarget\n properties:\n resourceGroupArn: ${group.arn}\n assessmentAssessmentTemplate:\n type: aws:inspector:AssessmentTemplate\n properties:\n targetArn: ${assessmentAssessmentTarget.arn}\n duration: '60'\n rulesPackageArns: ${rules.arns}\nvariables:\n rules:\n fn::invoke:\n Function: aws:inspector:getRulesPackages\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "The Amazon Inspector Classic Rules Packages data source allows access to the list of AWS\nInspector Rules Packages which can be used by Amazon Inspector Classic within the region\nconfigured in the provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst rules = aws.inspector.getRulesPackages({});\n// e.g., Use in aws_inspector_assessment_template\nconst group = new aws.inspector.ResourceGroup(\"group\", {tags: {\n test: \"test\",\n}});\nconst assessmentAssessmentTarget = new aws.inspector.AssessmentTarget(\"assessmentAssessmentTarget\", {resourceGroupArn: group.arn});\nconst assessmentAssessmentTemplate = new aws.inspector.AssessmentTemplate(\"assessmentAssessmentTemplate\", {\n targetArn: assessmentAssessmentTarget.arn,\n duration: 60,\n rulesPackageArns: rules.then(rules =\u003e rules.arns),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrules = aws.inspector.get_rules_packages()\n# e.g., Use in aws_inspector_assessment_template\ngroup = aws.inspector.ResourceGroup(\"group\", tags={\n \"test\": \"test\",\n})\nassessment_assessment_target = aws.inspector.AssessmentTarget(\"assessmentAssessmentTarget\", resource_group_arn=group.arn)\nassessment_assessment_template = aws.inspector.AssessmentTemplate(\"assessmentAssessmentTemplate\",\n target_arn=assessment_assessment_target.arn,\n duration=60,\n rules_package_arns=rules.arns)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var rules = Aws.Inspector.GetRulesPackages.Invoke();\n\n // e.g., Use in aws_inspector_assessment_template\n var @group = new Aws.Inspector.ResourceGroup(\"group\", new()\n {\n Tags = \n {\n { \"test\", \"test\" },\n },\n });\n\n var assessmentAssessmentTarget = new Aws.Inspector.AssessmentTarget(\"assessmentAssessmentTarget\", new()\n {\n ResourceGroupArn = @group.Arn,\n });\n\n var assessmentAssessmentTemplate = new Aws.Inspector.AssessmentTemplate(\"assessmentAssessmentTemplate\", new()\n {\n TargetArn = assessmentAssessmentTarget.Arn,\n Duration = 60,\n RulesPackageArns = rules.Apply(getRulesPackagesResult =\u003e getRulesPackagesResult.Arns),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/inspector\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trules, err := inspector.GetRulesPackages(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// e.g., Use in aws_inspector_assessment_template\n\t\tgroup, err := inspector.NewResourceGroup(ctx, \"group\", \u0026inspector.ResourceGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"test\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassessmentAssessmentTarget, err := inspector.NewAssessmentTarget(ctx, \"assessmentAssessmentTarget\", \u0026inspector.AssessmentTargetArgs{\n\t\t\tResourceGroupArn: group.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = inspector.NewAssessmentTemplate(ctx, \"assessmentAssessmentTemplate\", \u0026inspector.AssessmentTemplateArgs{\n\t\t\tTargetArn: assessmentAssessmentTarget.Arn,\n\t\t\tDuration: pulumi.Int(60),\n\t\t\tRulesPackageArns: interface{}(rules.Arns),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.inspector.InspectorFunctions;\nimport com.pulumi.aws.inspector.ResourceGroup;\nimport com.pulumi.aws.inspector.ResourceGroupArgs;\nimport com.pulumi.aws.inspector.AssessmentTarget;\nimport com.pulumi.aws.inspector.AssessmentTargetArgs;\nimport com.pulumi.aws.inspector.AssessmentTemplate;\nimport com.pulumi.aws.inspector.AssessmentTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var rules = InspectorFunctions.getRulesPackages();\n\n var group = new ResourceGroup(\"group\", ResourceGroupArgs.builder() \n .tags(Map.of(\"test\", \"test\"))\n .build());\n\n var assessmentAssessmentTarget = new AssessmentTarget(\"assessmentAssessmentTarget\", AssessmentTargetArgs.builder() \n .resourceGroupArn(group.arn())\n .build());\n\n var assessmentAssessmentTemplate = new AssessmentTemplate(\"assessmentAssessmentTemplate\", AssessmentTemplateArgs.builder() \n .targetArn(assessmentAssessmentTarget.arn())\n .duration(\"60\")\n .rulesPackageArns(rules.applyValue(getRulesPackagesResult -\u003e getRulesPackagesResult.arns()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # e.g., Use in aws_inspector_assessment_template\n group:\n type: aws:inspector:ResourceGroup\n properties:\n tags:\n test: test\n assessmentAssessmentTarget:\n type: aws:inspector:AssessmentTarget\n properties:\n resourceGroupArn: ${group.arn}\n assessmentAssessmentTemplate:\n type: aws:inspector:AssessmentTemplate\n properties:\n targetArn: ${assessmentAssessmentTarget.arn}\n duration: '60'\n rulesPackageArns: ${rules.arns}\nvariables:\n rules:\n fn::invoke:\n Function: aws:inspector:getRulesPackages\n Arguments: {}\n```\n{{% /example %}}\n{{% /examples %}}", "outputs": { "description": "A collection of values returned by getRulesPackages.\n", "properties": { @@ -378883,7 +378883,7 @@ } }, "aws:rds/getClusterSnapshot:getClusterSnapshot": { - "description": "Use this data source to get information about a DB Cluster Snapshot for use when provisioning DB clusters.\n\n\u003e **NOTE:** This data source does not apply to snapshots created on DB Instances.\nSee the `aws.rds.Snapshot` data source for DB Instance snapshots.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst developmentFinalSnapshot = aws.rds.getClusterSnapshot({\n dbClusterIdentifier: \"development_cluster\",\n mostRecent: true,\n});\n// Use the last snapshot of the dev database before it was destroyed to create\n// a new dev database.\nconst auroraCluster = new aws.rds.Cluster(\"auroraCluster\", {\n clusterIdentifier: \"development_cluster\",\n snapshotIdentifier: developmentFinalSnapshot.then(developmentFinalSnapshot =\u003e developmentFinalSnapshot.id),\n dbSubnetGroupName: \"my_db_subnet_group\",\n});\nconst auroraClusterInstance = new aws.rds.ClusterInstance(\"auroraClusterInstance\", {\n clusterIdentifier: auroraCluster.id,\n instanceClass: \"db.t2.small\",\n dbSubnetGroupName: \"my_db_subnet_group\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndevelopment_final_snapshot = aws.rds.get_cluster_snapshot(db_cluster_identifier=\"development_cluster\",\n most_recent=True)\n# Use the last snapshot of the dev database before it was destroyed to create\n# a new dev database.\naurora_cluster = aws.rds.Cluster(\"auroraCluster\",\n cluster_identifier=\"development_cluster\",\n snapshot_identifier=development_final_snapshot.id,\n db_subnet_group_name=\"my_db_subnet_group\")\naurora_cluster_instance = aws.rds.ClusterInstance(\"auroraClusterInstance\",\n cluster_identifier=aurora_cluster.id,\n instance_class=\"db.t2.small\",\n db_subnet_group_name=\"my_db_subnet_group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var developmentFinalSnapshot = Aws.Rds.GetClusterSnapshot.Invoke(new()\n {\n DbClusterIdentifier = \"development_cluster\",\n MostRecent = true,\n });\n\n // Use the last snapshot of the dev database before it was destroyed to create\n // a new dev database.\n var auroraCluster = new Aws.Rds.Cluster(\"auroraCluster\", new()\n {\n ClusterIdentifier = \"development_cluster\",\n SnapshotIdentifier = developmentFinalSnapshot.Apply(getClusterSnapshotResult =\u003e getClusterSnapshotResult.Id),\n DbSubnetGroupName = \"my_db_subnet_group\",\n });\n\n var auroraClusterInstance = new Aws.Rds.ClusterInstance(\"auroraClusterInstance\", new()\n {\n ClusterIdentifier = auroraCluster.Id,\n InstanceClass = \"db.t2.small\",\n DbSubnetGroupName = \"my_db_subnet_group\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdevelopmentFinalSnapshot, err := rds.LookupClusterSnapshot(ctx, \u0026rds.LookupClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: pulumi.StringRef(\"development_cluster\"),\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tauroraCluster, err := rds.NewCluster(ctx, \"auroraCluster\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"development_cluster\"),\n\t\t\tSnapshotIdentifier: *pulumi.String(developmentFinalSnapshot.Id),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_db_subnet_group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"auroraClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tClusterIdentifier: auroraCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.small\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_db_subnet_group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetClusterSnapshotArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var developmentFinalSnapshot = RdsFunctions.getClusterSnapshot(GetClusterSnapshotArgs.builder()\n .dbClusterIdentifier(\"development_cluster\")\n .mostRecent(true)\n .build());\n\n var auroraCluster = new Cluster(\"auroraCluster\", ClusterArgs.builder() \n .clusterIdentifier(\"development_cluster\")\n .snapshotIdentifier(developmentFinalSnapshot.applyValue(getClusterSnapshotResult -\u003e getClusterSnapshotResult.id()))\n .dbSubnetGroupName(\"my_db_subnet_group\")\n .build());\n\n var auroraClusterInstance = new ClusterInstance(\"auroraClusterInstance\", ClusterInstanceArgs.builder() \n .clusterIdentifier(auroraCluster.id())\n .instanceClass(\"db.t2.small\")\n .dbSubnetGroupName(\"my_db_subnet_group\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Use the last snapshot of the dev database before it was destroyed to create\n # a new dev database.\n auroraCluster:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: development_cluster\n snapshotIdentifier: ${developmentFinalSnapshot.id}\n dbSubnetGroupName: my_db_subnet_group\n auroraClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n clusterIdentifier: ${auroraCluster.id}\n instanceClass: db.t2.small\n dbSubnetGroupName: my_db_subnet_group\nvariables:\n developmentFinalSnapshot:\n fn::invoke:\n Function: aws:rds:getClusterSnapshot\n Arguments:\n dbClusterIdentifier: development_cluster\n mostRecent: true\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Use this data source to get information about a DB Cluster Snapshot for use when provisioning DB clusters.\n\n\u003e **NOTE:** This data source does not apply to snapshots created on DB Instances.\nSee the `aws.rds.Snapshot` data source for DB Instance snapshots.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst developmentFinalSnapshot = aws.rds.getClusterSnapshot({\n dbClusterIdentifier: \"development_cluster\",\n mostRecent: true,\n});\n// Use the last snapshot of the dev database before it was destroyed to create\n// a new dev database.\nconst auroraCluster = new aws.rds.Cluster(\"auroraCluster\", {\n clusterIdentifier: \"development_cluster\",\n snapshotIdentifier: developmentFinalSnapshot.then(developmentFinalSnapshot =\u003e developmentFinalSnapshot.id),\n dbSubnetGroupName: \"my_db_subnet_group\",\n});\nconst auroraClusterInstance = new aws.rds.ClusterInstance(\"auroraClusterInstance\", {\n clusterIdentifier: auroraCluster.id,\n instanceClass: \"db.t2.small\",\n dbSubnetGroupName: \"my_db_subnet_group\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndevelopment_final_snapshot = aws.rds.get_cluster_snapshot(db_cluster_identifier=\"development_cluster\",\n most_recent=True)\n# Use the last snapshot of the dev database before it was destroyed to create\n# a new dev database.\naurora_cluster = aws.rds.Cluster(\"auroraCluster\",\n cluster_identifier=\"development_cluster\",\n snapshot_identifier=development_final_snapshot.id,\n db_subnet_group_name=\"my_db_subnet_group\")\naurora_cluster_instance = aws.rds.ClusterInstance(\"auroraClusterInstance\",\n cluster_identifier=aurora_cluster.id,\n instance_class=\"db.t2.small\",\n db_subnet_group_name=\"my_db_subnet_group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var developmentFinalSnapshot = Aws.Rds.GetClusterSnapshot.Invoke(new()\n {\n DbClusterIdentifier = \"development_cluster\",\n MostRecent = true,\n });\n\n // Use the last snapshot of the dev database before it was destroyed to create\n // a new dev database.\n var auroraCluster = new Aws.Rds.Cluster(\"auroraCluster\", new()\n {\n ClusterIdentifier = \"development_cluster\",\n SnapshotIdentifier = developmentFinalSnapshot.Apply(getClusterSnapshotResult =\u003e getClusterSnapshotResult.Id),\n DbSubnetGroupName = \"my_db_subnet_group\",\n });\n\n var auroraClusterInstance = new Aws.Rds.ClusterInstance(\"auroraClusterInstance\", new()\n {\n ClusterIdentifier = auroraCluster.Id,\n InstanceClass = \"db.t2.small\",\n DbSubnetGroupName = \"my_db_subnet_group\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdevelopmentFinalSnapshot, err := rds.LookupClusterSnapshot(ctx, \u0026rds.LookupClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: pulumi.StringRef(\"development_cluster\"),\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Use the last snapshot of the dev database before it was destroyed to create\n\t\t// a new dev database.\n\t\tauroraCluster, err := rds.NewCluster(ctx, \"auroraCluster\", \u0026rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"development_cluster\"),\n\t\t\tSnapshotIdentifier: *pulumi.String(developmentFinalSnapshot.Id),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_db_subnet_group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"auroraClusterInstance\", \u0026rds.ClusterInstanceArgs{\n\t\t\tClusterIdentifier: auroraCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.small\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_db_subnet_group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetClusterSnapshotArgs;\nimport com.pulumi.aws.rds.Cluster;\nimport com.pulumi.aws.rds.ClusterArgs;\nimport com.pulumi.aws.rds.ClusterInstance;\nimport com.pulumi.aws.rds.ClusterInstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var developmentFinalSnapshot = RdsFunctions.getClusterSnapshot(GetClusterSnapshotArgs.builder()\n .dbClusterIdentifier(\"development_cluster\")\n .mostRecent(true)\n .build());\n\n var auroraCluster = new Cluster(\"auroraCluster\", ClusterArgs.builder() \n .clusterIdentifier(\"development_cluster\")\n .snapshotIdentifier(developmentFinalSnapshot.applyValue(getClusterSnapshotResult -\u003e getClusterSnapshotResult.id()))\n .dbSubnetGroupName(\"my_db_subnet_group\")\n .build());\n\n var auroraClusterInstance = new ClusterInstance(\"auroraClusterInstance\", ClusterInstanceArgs.builder() \n .clusterIdentifier(auroraCluster.id())\n .instanceClass(\"db.t2.small\")\n .dbSubnetGroupName(\"my_db_subnet_group\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # Use the last snapshot of the dev database before it was destroyed to create\n # a new dev database.\n auroraCluster:\n type: aws:rds:Cluster\n properties:\n clusterIdentifier: development_cluster\n snapshotIdentifier: ${developmentFinalSnapshot.id}\n dbSubnetGroupName: my_db_subnet_group\n auroraClusterInstance:\n type: aws:rds:ClusterInstance\n properties:\n clusterIdentifier: ${auroraCluster.id}\n instanceClass: db.t2.small\n dbSubnetGroupName: my_db_subnet_group\nvariables:\n developmentFinalSnapshot:\n fn::invoke:\n Function: aws:rds:getClusterSnapshot\n Arguments:\n dbClusterIdentifier: development_cluster\n mostRecent: true\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getClusterSnapshot.\n", "properties": { @@ -380040,7 +380040,7 @@ } }, "aws:rds/getSnapshot:getSnapshot": { - "description": "Use this data source to get information about a DB Snapshot for use when provisioning DB instances\n\n\u003e **NOTE:** This data source does not apply to snapshots created on Aurora DB clusters.\nSee the `aws.rds.ClusterSnapshot` data source for DB Cluster snapshots.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst prod = new aws.rds.Instance(\"prod\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.17\",\n instanceClass: \"db.t2.micro\",\n dbName: \"mydb\",\n username: \"foo\",\n password: \"bar\",\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.6\",\n});\nconst latestProdSnapshot = aws.rds.getSnapshotOutput({\n dbInstanceIdentifier: prod.identifier,\n mostRecent: true,\n});\n// Use the latest production snapshot to create a dev instance.\nconst dev = new aws.rds.Instance(\"dev\", {\n instanceClass: \"db.t2.micro\",\n dbName: \"mydbdev\",\n snapshotIdentifier: latestProdSnapshot.apply(latestProdSnapshot =\u003e latestProdSnapshot.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprod = aws.rds.Instance(\"prod\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.17\",\n instance_class=\"db.t2.micro\",\n db_name=\"mydb\",\n username=\"foo\",\n password=\"bar\",\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.6\")\nlatest_prod_snapshot = aws.rds.get_snapshot_output(db_instance_identifier=prod.identifier,\n most_recent=True)\n# Use the latest production snapshot to create a dev instance.\ndev = aws.rds.Instance(\"dev\",\n instance_class=\"db.t2.micro\",\n db_name=\"mydbdev\",\n snapshot_identifier=latest_prod_snapshot.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var prod = new Aws.Rds.Instance(\"prod\", new()\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.17\",\n InstanceClass = \"db.t2.micro\",\n DbName = \"mydb\",\n Username = \"foo\",\n Password = \"bar\",\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.6\",\n });\n\n var latestProdSnapshot = Aws.Rds.GetSnapshot.Invoke(new()\n {\n DbInstanceIdentifier = prod.Identifier,\n MostRecent = true,\n });\n\n // Use the latest production snapshot to create a dev instance.\n var dev = new Aws.Rds.Instance(\"dev\", new()\n {\n InstanceClass = \"db.t2.micro\",\n DbName = \"mydbdev\",\n SnapshotIdentifier = latestProdSnapshot.Apply(getSnapshotResult =\u003e getSnapshotResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprod, err := rds.NewInstance(ctx, \"prod\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.17\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"bar\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlatestProdSnapshot := rds.LookupSnapshotOutput(ctx, rds.GetSnapshotOutputArgs{\n\t\t\tDbInstanceIdentifier: prod.Identifier,\n\t\t\tMostRecent: pulumi.Bool(true),\n\t\t}, nil)\n\t\t_, err = rds.NewInstance(ctx, \"dev\", \u0026rds.InstanceArgs{\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tDbName: pulumi.String(\"mydbdev\"),\n\t\t\tSnapshotIdentifier: latestProdSnapshot.ApplyT(func(latestProdSnapshot rds.GetSnapshotResult) (*string, error) {\n\t\t\t\treturn \u0026latestProdSnapshot.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetSnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var prod = new Instance(\"prod\", InstanceArgs.builder() \n .allocatedStorage(10)\n .engine(\"mysql\")\n .engineVersion(\"5.6.17\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydb\")\n .username(\"foo\")\n .password(\"bar\")\n .dbSubnetGroupName(\"my_database_subnet_group\")\n .parameterGroupName(\"default.mysql5.6\")\n .build());\n\n final var latestProdSnapshot = RdsFunctions.getSnapshot(GetSnapshotArgs.builder()\n .dbInstanceIdentifier(prod.identifier())\n .mostRecent(true)\n .build());\n\n var dev = new Instance(\"dev\", InstanceArgs.builder() \n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydbdev\")\n .snapshotIdentifier(latestProdSnapshot.applyValue(getSnapshotResult -\u003e getSnapshotResult).applyValue(latestProdSnapshot -\u003e latestProdSnapshot.applyValue(getSnapshotResult -\u003e getSnapshotResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n prod:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n engine: mysql\n engineVersion: 5.6.17\n instanceClass: db.t2.micro\n dbName: mydb\n username: foo\n password: bar\n dbSubnetGroupName: my_database_subnet_group\n parameterGroupName: default.mysql5.6\n # Use the latest production snapshot to create a dev instance.\n dev:\n type: aws:rds:Instance\n properties:\n instanceClass: db.t2.micro\n dbName: mydbdev\n snapshotIdentifier: ${latestProdSnapshot.id}\nvariables:\n latestProdSnapshot:\n fn::invoke:\n Function: aws:rds:getSnapshot\n Arguments:\n dbInstanceIdentifier: ${prod.identifier}\n mostRecent: true\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "Use this data source to get information about a DB Snapshot for use when provisioning DB instances\n\n\u003e **NOTE:** This data source does not apply to snapshots created on Aurora DB clusters.\nSee the `aws.rds.ClusterSnapshot` data source for DB Cluster snapshots.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst prod = new aws.rds.Instance(\"prod\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.17\",\n instanceClass: \"db.t2.micro\",\n dbName: \"mydb\",\n username: \"foo\",\n password: \"bar\",\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.6\",\n});\nconst latestProdSnapshot = aws.rds.getSnapshotOutput({\n dbInstanceIdentifier: prod.identifier,\n mostRecent: true,\n});\n// Use the latest production snapshot to create a dev instance.\nconst dev = new aws.rds.Instance(\"dev\", {\n instanceClass: \"db.t2.micro\",\n dbName: \"mydbdev\",\n snapshotIdentifier: latestProdSnapshot.apply(latestProdSnapshot =\u003e latestProdSnapshot.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprod = aws.rds.Instance(\"prod\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.17\",\n instance_class=\"db.t2.micro\",\n db_name=\"mydb\",\n username=\"foo\",\n password=\"bar\",\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.6\")\nlatest_prod_snapshot = aws.rds.get_snapshot_output(db_instance_identifier=prod.identifier,\n most_recent=True)\n# Use the latest production snapshot to create a dev instance.\ndev = aws.rds.Instance(\"dev\",\n instance_class=\"db.t2.micro\",\n db_name=\"mydbdev\",\n snapshot_identifier=latest_prod_snapshot.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var prod = new Aws.Rds.Instance(\"prod\", new()\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.17\",\n InstanceClass = \"db.t2.micro\",\n DbName = \"mydb\",\n Username = \"foo\",\n Password = \"bar\",\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.6\",\n });\n\n var latestProdSnapshot = Aws.Rds.GetSnapshot.Invoke(new()\n {\n DbInstanceIdentifier = prod.Identifier,\n MostRecent = true,\n });\n\n // Use the latest production snapshot to create a dev instance.\n var dev = new Aws.Rds.Instance(\"dev\", new()\n {\n InstanceClass = \"db.t2.micro\",\n DbName = \"mydbdev\",\n SnapshotIdentifier = latestProdSnapshot.Apply(getSnapshotResult =\u003e getSnapshotResult.Id),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprod, err := rds.NewInstance(ctx, \"prod\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.17\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"bar\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlatestProdSnapshot := rds.LookupSnapshotOutput(ctx, rds.GetSnapshotOutputArgs{\n\t\t\tDbInstanceIdentifier: prod.Identifier,\n\t\t\tMostRecent: pulumi.Bool(true),\n\t\t}, nil)\n\t\t// Use the latest production snapshot to create a dev instance.\n\t\t_, err = rds.NewInstance(ctx, \"dev\", \u0026rds.InstanceArgs{\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tDbName: pulumi.String(\"mydbdev\"),\n\t\t\tSnapshotIdentifier: latestProdSnapshot.ApplyT(func(latestProdSnapshot rds.GetSnapshotResult) (*string, error) {\n\t\t\t\treturn \u0026latestProdSnapshot.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetSnapshotArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var prod = new Instance(\"prod\", InstanceArgs.builder() \n .allocatedStorage(10)\n .engine(\"mysql\")\n .engineVersion(\"5.6.17\")\n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydb\")\n .username(\"foo\")\n .password(\"bar\")\n .dbSubnetGroupName(\"my_database_subnet_group\")\n .parameterGroupName(\"default.mysql5.6\")\n .build());\n\n final var latestProdSnapshot = RdsFunctions.getSnapshot(GetSnapshotArgs.builder()\n .dbInstanceIdentifier(prod.identifier())\n .mostRecent(true)\n .build());\n\n var dev = new Instance(\"dev\", InstanceArgs.builder() \n .instanceClass(\"db.t2.micro\")\n .dbName(\"mydbdev\")\n .snapshotIdentifier(latestProdSnapshot.applyValue(getSnapshotResult -\u003e getSnapshotResult).applyValue(latestProdSnapshot -\u003e latestProdSnapshot.applyValue(getSnapshotResult -\u003e getSnapshotResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n prod:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n engine: mysql\n engineVersion: 5.6.17\n instanceClass: db.t2.micro\n dbName: mydb\n username: foo\n password: bar\n dbSubnetGroupName: my_database_subnet_group\n parameterGroupName: default.mysql5.6\n # Use the latest production snapshot to create a dev instance.\n dev:\n type: aws:rds:Instance\n properties:\n instanceClass: db.t2.micro\n dbName: mydbdev\n snapshotIdentifier: ${latestProdSnapshot.id}\nvariables:\n latestProdSnapshot:\n fn::invoke:\n Function: aws:rds:getSnapshot\n Arguments:\n dbInstanceIdentifier: ${prod.identifier}\n mostRecent: true\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getSnapshot.\n", "properties": { @@ -387073,7 +387073,7 @@ } }, "aws:waf/getSubscribedRuleGroup:getSubscribedRuleGroup": { - "description": "`aws.waf.getSubscribedRuleGroup` retrieves information about a Managed WAF Rule Group from AWS Marketplace (needs to be subscribed to first).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byName = aws.waf.getSubscribedRuleGroup({\n name: \"F5 Bot Detection Signatures For AWS WAF\",\n});\nconst byMetricName = aws.waf.getSubscribedRuleGroup({\n metricName: \"F5BotDetectionSignatures\",\n});\n// ...\nconst acl = new aws.waf.WebAcl(\"acl\", {rules: [\n {\n priority: 1,\n ruleId: byName.then(byName =\u003e byName.id),\n type: \"GROUP\",\n },\n {\n priority: 2,\n ruleId: byMetricName.then(byMetricName =\u003e byMetricName.id),\n type: \"GROUP\",\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.waf.get_subscribed_rule_group(name=\"F5 Bot Detection Signatures For AWS WAF\")\nby_metric_name = aws.waf.get_subscribed_rule_group(metric_name=\"F5BotDetectionSignatures\")\n# ...\nacl = aws.waf.WebAcl(\"acl\", rules=[\n aws.waf.WebAclRuleArgs(\n priority=1,\n rule_id=by_name.id,\n type=\"GROUP\",\n ),\n aws.waf.WebAclRuleArgs(\n priority=2,\n rule_id=by_metric_name.id,\n type=\"GROUP\",\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var byName = Aws.Waf.GetSubscribedRuleGroup.Invoke(new()\n {\n Name = \"F5 Bot Detection Signatures For AWS WAF\",\n });\n\n var byMetricName = Aws.Waf.GetSubscribedRuleGroup.Invoke(new()\n {\n MetricName = \"F5BotDetectionSignatures\",\n });\n\n // ...\n var acl = new Aws.Waf.WebAcl(\"acl\", new()\n {\n Rules = new[]\n {\n new Aws.Waf.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = byName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n new Aws.Waf.Inputs.WebAclRuleArgs\n {\n Priority = 2,\n RuleId = byMetricName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbyName, err := waf.GetSubscribedRuleGroup(ctx, \u0026waf.GetSubscribedRuleGroupArgs{\n\t\t\tName: pulumi.StringRef(\"F5 Bot Detection Signatures For AWS WAF\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbyMetricName, err := waf.GetSubscribedRuleGroup(ctx, \u0026waf.GetSubscribedRuleGroupArgs{\n\t\t\tMetricName: pulumi.StringRef(\"F5BotDetectionSignatures\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = waf.NewWebAcl(ctx, \"acl\", \u0026waf.WebAclArgs{\n\t\t\tRules: waf.WebAclRuleArray{\n\t\t\t\t\u0026waf.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: *pulumi.String(byName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t\t\u0026waf.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tRuleId: *pulumi.String(byMetricName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.waf.WafFunctions;\nimport com.pulumi.aws.waf.inputs.GetSubscribedRuleGroupArgs;\nimport com.pulumi.aws.waf.WebAcl;\nimport com.pulumi.aws.waf.WebAclArgs;\nimport com.pulumi.aws.waf.inputs.WebAclRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var byName = WafFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .name(\"F5 Bot Detection Signatures For AWS WAF\")\n .build());\n\n final var byMetricName = WafFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .metricName(\"F5BotDetectionSignatures\")\n .build());\n\n var acl = new WebAcl(\"acl\", WebAclArgs.builder() \n .rules( \n WebAclRuleArgs.builder()\n .priority(1)\n .ruleId(byName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build(),\n WebAclRuleArgs.builder()\n .priority(2)\n .ruleId(byMetricName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acl:\n type: aws:waf:WebAcl\n properties:\n rules:\n - priority: 1\n ruleId: ${byName.id}\n type: GROUP\n - priority: 2\n ruleId: ${byMetricName.id}\n type: GROUP\nvariables:\n byName:\n fn::invoke:\n Function: aws:waf:getSubscribedRuleGroup\n Arguments:\n name: F5 Bot Detection Signatures For AWS WAF\n byMetricName:\n fn::invoke:\n Function: aws:waf:getSubscribedRuleGroup\n Arguments:\n metricName: F5BotDetectionSignatures\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "`aws.waf.getSubscribedRuleGroup` retrieves information about a Managed WAF Rule Group from AWS Marketplace (needs to be subscribed to first).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byName = aws.waf.getSubscribedRuleGroup({\n name: \"F5 Bot Detection Signatures For AWS WAF\",\n});\nconst byMetricName = aws.waf.getSubscribedRuleGroup({\n metricName: \"F5BotDetectionSignatures\",\n});\n// ...\nconst acl = new aws.waf.WebAcl(\"acl\", {rules: [\n {\n priority: 1,\n ruleId: byName.then(byName =\u003e byName.id),\n type: \"GROUP\",\n },\n {\n priority: 2,\n ruleId: byMetricName.then(byMetricName =\u003e byMetricName.id),\n type: \"GROUP\",\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.waf.get_subscribed_rule_group(name=\"F5 Bot Detection Signatures For AWS WAF\")\nby_metric_name = aws.waf.get_subscribed_rule_group(metric_name=\"F5BotDetectionSignatures\")\n# ...\nacl = aws.waf.WebAcl(\"acl\", rules=[\n aws.waf.WebAclRuleArgs(\n priority=1,\n rule_id=by_name.id,\n type=\"GROUP\",\n ),\n aws.waf.WebAclRuleArgs(\n priority=2,\n rule_id=by_metric_name.id,\n type=\"GROUP\",\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var byName = Aws.Waf.GetSubscribedRuleGroup.Invoke(new()\n {\n Name = \"F5 Bot Detection Signatures For AWS WAF\",\n });\n\n var byMetricName = Aws.Waf.GetSubscribedRuleGroup.Invoke(new()\n {\n MetricName = \"F5BotDetectionSignatures\",\n });\n\n // ...\n var acl = new Aws.Waf.WebAcl(\"acl\", new()\n {\n Rules = new[]\n {\n new Aws.Waf.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = byName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n new Aws.Waf.Inputs.WebAclRuleArgs\n {\n Priority = 2,\n RuleId = byMetricName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbyName, err := waf.GetSubscribedRuleGroup(ctx, \u0026waf.GetSubscribedRuleGroupArgs{\n\t\t\tName: pulumi.StringRef(\"F5 Bot Detection Signatures For AWS WAF\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbyMetricName, err := waf.GetSubscribedRuleGroup(ctx, \u0026waf.GetSubscribedRuleGroupArgs{\n\t\t\tMetricName: pulumi.StringRef(\"F5BotDetectionSignatures\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ...\n\t\t_, err = waf.NewWebAcl(ctx, \"acl\", \u0026waf.WebAclArgs{\n\t\t\tRules: waf.WebAclRuleArray{\n\t\t\t\t\u0026waf.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: *pulumi.String(byName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t\t\u0026waf.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tRuleId: *pulumi.String(byMetricName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.waf.WafFunctions;\nimport com.pulumi.aws.waf.inputs.GetSubscribedRuleGroupArgs;\nimport com.pulumi.aws.waf.WebAcl;\nimport com.pulumi.aws.waf.WebAclArgs;\nimport com.pulumi.aws.waf.inputs.WebAclRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var byName = WafFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .name(\"F5 Bot Detection Signatures For AWS WAF\")\n .build());\n\n final var byMetricName = WafFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .metricName(\"F5BotDetectionSignatures\")\n .build());\n\n var acl = new WebAcl(\"acl\", WebAclArgs.builder() \n .rules( \n WebAclRuleArgs.builder()\n .priority(1)\n .ruleId(byName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build(),\n WebAclRuleArgs.builder()\n .priority(2)\n .ruleId(byMetricName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acl:\n type: aws:waf:WebAcl\n properties:\n rules:\n - priority: 1\n ruleId: ${byName.id}\n type: GROUP\n - priority: 2\n ruleId: ${byMetricName.id}\n type: GROUP\nvariables:\n byName:\n fn::invoke:\n Function: aws:waf:getSubscribedRuleGroup\n Arguments:\n name: F5 Bot Detection Signatures For AWS WAF\n byMetricName:\n fn::invoke:\n Function: aws:waf:getSubscribedRuleGroup\n Arguments:\n metricName: F5BotDetectionSignatures\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getSubscribedRuleGroup.\n", "properties": { @@ -387241,7 +387241,7 @@ } }, "aws:wafregional/getSubscribedRuleGroup:getSubscribedRuleGroup": { - "description": "`aws.wafregional.getSubscribedRuleGroup` retrieves information about a Managed WAF Rule Group from AWS Marketplace for use in WAF Regional (needs to be subscribed to first).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byName = aws.wafregional.getSubscribedRuleGroup({\n name: \"F5 Bot Detection Signatures For AWS WAF\",\n});\nconst byMetricName = aws.wafregional.getSubscribedRuleGroup({\n metricName: \"F5BotDetectionSignatures\",\n});\n// ...\nconst acl = new aws.wafregional.WebAcl(\"acl\", {rules: [\n {\n priority: 1,\n ruleId: byName.then(byName =\u003e byName.id),\n type: \"GROUP\",\n },\n {\n priority: 2,\n ruleId: byMetricName.then(byMetricName =\u003e byMetricName.id),\n type: \"GROUP\",\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.wafregional.get_subscribed_rule_group(name=\"F5 Bot Detection Signatures For AWS WAF\")\nby_metric_name = aws.wafregional.get_subscribed_rule_group(metric_name=\"F5BotDetectionSignatures\")\n# ...\nacl = aws.wafregional.WebAcl(\"acl\", rules=[\n aws.wafregional.WebAclRuleArgs(\n priority=1,\n rule_id=by_name.id,\n type=\"GROUP\",\n ),\n aws.wafregional.WebAclRuleArgs(\n priority=2,\n rule_id=by_metric_name.id,\n type=\"GROUP\",\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var byName = Aws.WafRegional.GetSubscribedRuleGroup.Invoke(new()\n {\n Name = \"F5 Bot Detection Signatures For AWS WAF\",\n });\n\n var byMetricName = Aws.WafRegional.GetSubscribedRuleGroup.Invoke(new()\n {\n MetricName = \"F5BotDetectionSignatures\",\n });\n\n // ...\n var acl = new Aws.WafRegional.WebAcl(\"acl\", new()\n {\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = byName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 2,\n RuleId = byMetricName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbyName, err := wafregional.GetSubscribedRuleGroup(ctx, \u0026wafregional.GetSubscribedRuleGroupArgs{\n\t\t\tName: pulumi.StringRef(\"F5 Bot Detection Signatures For AWS WAF\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbyMetricName, err := wafregional.GetSubscribedRuleGroup(ctx, \u0026wafregional.GetSubscribedRuleGroupArgs{\n\t\t\tMetricName: pulumi.StringRef(\"F5BotDetectionSignatures\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAcl(ctx, \"acl\", \u0026wafregional.WebAclArgs{\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: *pulumi.String(byName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tRuleId: *pulumi.String(byMetricName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.WafregionalFunctions;\nimport com.pulumi.aws.wafregional.inputs.GetSubscribedRuleGroupArgs;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var byName = WafregionalFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .name(\"F5 Bot Detection Signatures For AWS WAF\")\n .build());\n\n final var byMetricName = WafregionalFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .metricName(\"F5BotDetectionSignatures\")\n .build());\n\n var acl = new WebAcl(\"acl\", WebAclArgs.builder() \n .rules( \n WebAclRuleArgs.builder()\n .priority(1)\n .ruleId(byName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build(),\n WebAclRuleArgs.builder()\n .priority(2)\n .ruleId(byMetricName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acl:\n type: aws:wafregional:WebAcl\n properties:\n rules:\n - priority: 1\n ruleId: ${byName.id}\n type: GROUP\n - priority: 2\n ruleId: ${byMetricName.id}\n type: GROUP\nvariables:\n byName:\n fn::invoke:\n Function: aws:wafregional:getSubscribedRuleGroup\n Arguments:\n name: F5 Bot Detection Signatures For AWS WAF\n byMetricName:\n fn::invoke:\n Function: aws:wafregional:getSubscribedRuleGroup\n Arguments:\n metricName: F5BotDetectionSignatures\n```\n{{% /example %}}\n{{% /examples %}}", + "description": "`aws.wafregional.getSubscribedRuleGroup` retrieves information about a Managed WAF Rule Group from AWS Marketplace for use in WAF Regional (needs to be subscribed to first).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byName = aws.wafregional.getSubscribedRuleGroup({\n name: \"F5 Bot Detection Signatures For AWS WAF\",\n});\nconst byMetricName = aws.wafregional.getSubscribedRuleGroup({\n metricName: \"F5BotDetectionSignatures\",\n});\n// ...\nconst acl = new aws.wafregional.WebAcl(\"acl\", {rules: [\n {\n priority: 1,\n ruleId: byName.then(byName =\u003e byName.id),\n type: \"GROUP\",\n },\n {\n priority: 2,\n ruleId: byMetricName.then(byMetricName =\u003e byMetricName.id),\n type: \"GROUP\",\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.wafregional.get_subscribed_rule_group(name=\"F5 Bot Detection Signatures For AWS WAF\")\nby_metric_name = aws.wafregional.get_subscribed_rule_group(metric_name=\"F5BotDetectionSignatures\")\n# ...\nacl = aws.wafregional.WebAcl(\"acl\", rules=[\n aws.wafregional.WebAclRuleArgs(\n priority=1,\n rule_id=by_name.id,\n type=\"GROUP\",\n ),\n aws.wafregional.WebAclRuleArgs(\n priority=2,\n rule_id=by_metric_name.id,\n type=\"GROUP\",\n ),\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var byName = Aws.WafRegional.GetSubscribedRuleGroup.Invoke(new()\n {\n Name = \"F5 Bot Detection Signatures For AWS WAF\",\n });\n\n var byMetricName = Aws.WafRegional.GetSubscribedRuleGroup.Invoke(new()\n {\n MetricName = \"F5BotDetectionSignatures\",\n });\n\n // ...\n var acl = new Aws.WafRegional.WebAcl(\"acl\", new()\n {\n Rules = new[]\n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = byName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 2,\n RuleId = byMetricName.Apply(getSubscribedRuleGroupResult =\u003e getSubscribedRuleGroupResult.Id),\n Type = \"GROUP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbyName, err := wafregional.GetSubscribedRuleGroup(ctx, \u0026wafregional.GetSubscribedRuleGroupArgs{\n\t\t\tName: pulumi.StringRef(\"F5 Bot Detection Signatures For AWS WAF\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbyMetricName, err := wafregional.GetSubscribedRuleGroup(ctx, \u0026wafregional.GetSubscribedRuleGroupArgs{\n\t\t\tMetricName: pulumi.StringRef(\"F5BotDetectionSignatures\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// ...\n\t\t_, err = wafregional.NewWebAcl(ctx, \"acl\", \u0026wafregional.WebAclArgs{\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: *pulumi.String(byName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t\t\u0026wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tRuleId: *pulumi.String(byMetricName.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.wafregional.WafregionalFunctions;\nimport com.pulumi.aws.wafregional.inputs.GetSubscribedRuleGroupArgs;\nimport com.pulumi.aws.wafregional.WebAcl;\nimport com.pulumi.aws.wafregional.WebAclArgs;\nimport com.pulumi.aws.wafregional.inputs.WebAclRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var byName = WafregionalFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .name(\"F5 Bot Detection Signatures For AWS WAF\")\n .build());\n\n final var byMetricName = WafregionalFunctions.getSubscribedRuleGroup(GetSubscribedRuleGroupArgs.builder()\n .metricName(\"F5BotDetectionSignatures\")\n .build());\n\n var acl = new WebAcl(\"acl\", WebAclArgs.builder() \n .rules( \n WebAclRuleArgs.builder()\n .priority(1)\n .ruleId(byName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build(),\n WebAclRuleArgs.builder()\n .priority(2)\n .ruleId(byMetricName.applyValue(getSubscribedRuleGroupResult -\u003e getSubscribedRuleGroupResult.id()))\n .type(\"GROUP\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n acl:\n type: aws:wafregional:WebAcl\n properties:\n rules:\n - priority: 1\n ruleId: ${byName.id}\n type: GROUP\n - priority: 2\n ruleId: ${byMetricName.id}\n type: GROUP\nvariables:\n byName:\n fn::invoke:\n Function: aws:wafregional:getSubscribedRuleGroup\n Arguments:\n name: F5 Bot Detection Signatures For AWS WAF\n byMetricName:\n fn::invoke:\n Function: aws:wafregional:getSubscribedRuleGroup\n Arguments:\n metricName: F5BotDetectionSignatures\n```\n{{% /example %}}\n{{% /examples %}}", "inputs": { "description": "A collection of arguments for invoking getSubscribedRuleGroup.\n", "properties": { diff --git a/provider/go.mod b/provider/go.mod index 7f7d9b95ac6..2818c238d56 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -12,7 +12,7 @@ require ( github.com/pulumi/pulumi-terraform-bridge/pf v0.27.0 github.com/pulumi/pulumi-terraform-bridge/v3 v3.74.0 github.com/pulumi/pulumi/pkg/v3 v3.105.0 - github.com/pulumi/pulumi/sdk/v3 v3.105.0 + github.com/pulumi/pulumi/sdk/v3 v3.106.0 github.com/stretchr/testify v1.8.4 pgregory.net/rapid v0.6.1 ) @@ -406,3 +406,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/frand v1.4.2 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.78.2-0.20240217023359-fdf6fcf8c6df + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.106.1-0.20240217023359-fdf6fcf8c6df diff --git a/provider/go.sum b/provider/go.sum index 7484e15be08..f811bfbcb2a 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -2502,10 +2502,10 @@ github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.7 h1:Z9vmfVTW0QtJrWh+DRR3 github.com/pulumi/pulumi-terraform-bridge/x/muxer v0.0.7/go.mod h1:T9zHpTHyVz2EyobzByFFpjfqgGtXO4C4bNqC0j29D2I= github.com/pulumi/pulumi-yaml v1.5.0 h1:HfXu+WSFNpycref9CK935cViYJzXwSgHGWM/RepyrW0= github.com/pulumi/pulumi-yaml v1.5.0/go.mod h1:AvKSmEQv2EkPbpvAQroR1eP1LkJGC8z5NDM34rVWOtg= -github.com/pulumi/pulumi/pkg/v3 v3.105.0 h1:bJG1vUiYH2gDF1pfBKlIABDNoJD2LvU1LmjjL+EbvuM= -github.com/pulumi/pulumi/pkg/v3 v3.105.0/go.mod h1:eZAFEFOwE/skElTfwetfyTxPebmWr5vOS5NSU9XwlVw= -github.com/pulumi/pulumi/sdk/v3 v3.105.0 h1:OKEeubZigWyQVnZS6udnFnZHZ/8OWXuUYv9ir3OY+vs= -github.com/pulumi/pulumi/sdk/v3 v3.105.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= +github.com/pulumi/pulumi/pkg/v3 v3.78.2-0.20240217023359-fdf6fcf8c6df h1:LYg0zgngmptXy2B7bZQGHRcTsXsTP/KBRPzGY9aMgb8= +github.com/pulumi/pulumi/pkg/v3 v3.78.2-0.20240217023359-fdf6fcf8c6df/go.mod h1:sZMGEPMp2sLbB0PEyrPWDvAX+W2AwOptAKnKOHyX01k= +github.com/pulumi/pulumi/sdk/v3 v3.106.1-0.20240217023359-fdf6fcf8c6df h1:MFIXR2vzpLwM7gcu5O4cxeSFRiKdGX2zMEoMtjgBrf8= +github.com/pulumi/pulumi/sdk/v3 v3.106.1-0.20240217023359-fdf6fcf8c6df/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQKpfZo= github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= diff --git a/sdk/go.mod b/sdk/go.mod index 4c101e20ec5..09b4b618d1f 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -94,3 +94,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/frand v1.4.2 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.78.2-0.20240217023359-fdf6fcf8c6df + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.106.1-0.20240217023359-fdf6fcf8c6df diff --git a/sdk/go.sum b/sdk/go.sum index 3224003044f..8bf7349b7d5 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -148,8 +148,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.6.2 h1:+z+l8cuwIauLSwXQS0uoI3rqB+YG4SzsZYtHfNoXBvw= github.com/pulumi/esc v0.6.2/go.mod h1:jNnYNjzsOgVTjCp0LL24NsCk8ZJxq4IoLQdCT0X7l8k= -github.com/pulumi/pulumi/sdk/v3 v3.105.0 h1:OKEeubZigWyQVnZS6udnFnZHZ/8OWXuUYv9ir3OY+vs= -github.com/pulumi/pulumi/sdk/v3 v3.105.0/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= +github.com/pulumi/pulumi/sdk/v3 v3.106.1-0.20240217023359-fdf6fcf8c6df h1:MFIXR2vzpLwM7gcu5O4cxeSFRiKdGX2zMEoMtjgBrf8= +github.com/pulumi/pulumi/sdk/v3 v3.106.1-0.20240217023359-fdf6fcf8c6df/go.mod h1:Ml3rpGfyZlI4zQCG7LN2XDSmH4XUNYdyBwJ3yEr/OpI= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis=