Beispiel #1
0
 public MyStack()
 {
     var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs
     {
         CidrBlock = "10.0.0.0/16",
         Tags      =
         {
             { "Name", "tf-test" },
         },
     });
     var fooSubnet = new Aws.Ec2.Subnet("fooSubnet", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = "us-west-2a",
         CidrBlock        = "10.0.0.0/24",
         Tags             =
         {
             { "Name", "tf-test" },
         },
         VpcId = fooVpc.Id,
     });
     var bar = new Aws.ElastiCache.SubnetGroup("bar", new Aws.ElastiCache.SubnetGroupArgs
     {
         SubnetIds =
         {
             fooSubnet.Id,
         },
     });
 }
Beispiel #2
0
 public MyStack()
 {
     var main = new Aws.Ec2.Subnet("main", new Aws.Ec2.SubnetArgs
     {
         CidrBlock = "10.0.1.0/24",
         Tags      =
         {
             { "Name", "Main" },
         },
         VpcId = aws_vpc.Main.Id,
     });
 }
Beispiel #3
0
    private static void ConfigureNetworking()
    {
        var vpc = new Ec2.Vpc($"{baseName}-vpc", new Ec2.VpcArgs()
        {
            EnableDnsSupport   = true,
            EnableDnsHostnames = true,
            CidrBlock          = "10.0.0.0/16",
        });

        var subnetOne = new Ec2.Subnet($"{baseName}-subnet-one", new Ec2.SubnetArgs()
        {
            VpcId               = vpc.Id,
            CidrBlock           = "10.0.0.0/24",
            MapPublicIpOnLaunch = true,
            AvailabilityZone    = "eu-west-1a",
        });

        var subnetTwo = new Ec2.Subnet($"{baseName}-subnet-two", new Ec2.SubnetArgs()
        {
            VpcId               = vpc.Id,
            CidrBlock           = "10.0.1.0/24",
            MapPublicIpOnLaunch = true,
            AvailabilityZone    = "eu-west-1b",
        });

        var gateway = new Ec2.InternetGateway($"{baseName}-gateway", new Ec2.InternetGatewayArgs()
        {
            VpcId = vpc.Id,
        });

        var routeTable = new Ec2.RouteTable($"{baseName}-routetable", new Ec2.RouteTableArgs()
        {
            VpcId = vpc.Id,
        });

        var publicRoute = new Ec2.Route($"{baseName}-publicroute", new Ec2.RouteArgs()
        {
            RouteTableId         = routeTable.Id,
            DestinationCidrBlock = "0.0.0.0/0",
            GatewayId            = gateway.Id,
        });

        var subnetOneRouteAssociation = new Ec2.RouteTableAssociation($"{baseName}-subnetoneroutes", new Ec2.RouteTableAssociationArgs()
        {
            SubnetId     = subnetOne.Id,
            RouteTableId = routeTable.Id,
        });

        vpcId       = vpc.Id;
        subnetId    = subnetOne.Id;
        subnetTwoId = subnetTwo.Id;
    }
Beispiel #4
0
 public MyStack()
 {
     var secondaryCidr = new Aws.Ec2.VpcIpv4CidrBlockAssociation("secondaryCidr", new Aws.Ec2.VpcIpv4CidrBlockAssociationArgs
     {
         CidrBlock = "172.2.0.0/16",
         VpcId     = aws_vpc.Main.Id,
     });
     var inSecondaryCidr = new Aws.Ec2.Subnet("inSecondaryCidr", new Aws.Ec2.SubnetArgs
     {
         CidrBlock = "172.2.0.0/24",
         VpcId     = secondaryCidr.VpcId,
     });
 }
Beispiel #5
0
 public MyStack()
 {
     var config          = new Config();
     var securityGroupId = config.RequireObject <dynamic>("securityGroupId");
     var selected        = Output.Create(Aws.Ec2.GetSecurityGroup.InvokeAsync(new Aws.Ec2.GetSecurityGroupArgs
     {
         Id = securityGroupId,
     }));
     var subnet = new Aws.Ec2.Subnet("subnet", new Aws.Ec2.SubnetArgs
     {
         CidrBlock = "10.0.1.0/24",
         VpcId     = selected.Apply(selected => selected.VpcId),
     });
 }
Beispiel #6
0
 public MyStack()
 {
     var available = Output.Create(Aws.GetAvailabilityZones.InvokeAsync(new Aws.GetAvailabilityZonesArgs
     {
         State = "available",
     }));
     var primary = new Aws.Ec2.Subnet("primary", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = available.Apply(available => available.Names[0]),
     });
     // ...
     var secondary = new Aws.Ec2.Subnet("secondary", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = available.Apply(available => available.Names[1]),
     });
     // ...
 }
Beispiel #7
0
 public MyStack()
 {
     var foo = new Aws.Ec2.Vpc("foo", new Aws.Ec2.VpcArgs
     {
         CidrBlock = "10.0.0.0/16",
     });
     var alphaSubnet = new Aws.Ec2.Subnet("alphaSubnet", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = "us-west-2a",
         CidrBlock        = "10.0.1.0/24",
         VpcId            = foo.Id,
     });
     var alphaMountTarget = new Aws.Efs.MountTarget("alphaMountTarget", new Aws.Efs.MountTargetArgs
     {
         FileSystemId = aws_efs_file_system.Foo.Id,
         SubnetId     = alphaSubnet.Id,
     });
 }
Beispiel #8
0
 public MyStack()
 {
     var mainVpc = new Aws.Ec2.Vpc("mainVpc", new Aws.Ec2.VpcArgs
     {
         CidrBlock = "10.0.0.0/16",
     });
     var private_a = new Aws.Ec2.Subnet("private-a", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = "us-east-1a",
         CidrBlock        = "10.0.0.0/24",
         VpcId            = mainVpc.Id,
     });
     var private_b = new Aws.Ec2.Subnet("private-b", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = "us-east-1b",
         CidrBlock        = "10.0.1.0/24",
         VpcId            = mainVpc.Id,
     });
     var mainDirectory = new Aws.DirectoryService.Directory("mainDirectory", new Aws.DirectoryService.DirectoryArgs
     {
         Password    = "******",
         Size        = "Small",
         VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs
         {
             SubnetIds =
             {
                 private_a.Id,
                 private_b.Id,
             },
             VpcId = mainVpc.Id,
         },
     });
     var mainWorkspaces_directoryDirectory = new Aws.Workspaces.Directory("mainWorkspaces/directoryDirectory", new Aws.Workspaces.DirectoryArgs
     {
         DirectoryId            = mainDirectory.Id,
         SelfServicePermissions = new Aws.Workspaces.Inputs.DirectorySelfServicePermissionsArgs
         {
             IncreaseVolumeSize = true,
             RebuildWorkspace   = true,
         },
     });
 }
Beispiel #9
0
 public MyStack()
 {
     // Map public IP on launch must be enabled for public (Internet accessible) subnets
     var exampleSubnet = new Aws.Ec2.Subnet("exampleSubnet", new Aws.Ec2.SubnetArgs
     {
         MapPublicIpOnLaunch = true,
     });
     var exampleCluster = new Aws.Emr.Cluster("exampleCluster", new Aws.Emr.ClusterArgs
     {
         CoreInstanceGroup =,
         Ec2Attributes     = new Aws.Emr.Inputs.ClusterEc2AttributesArgs
         {
             SubnetId = exampleSubnet.Id,
         },
         MasterInstanceGroup = new Aws.Emr.Inputs.ClusterMasterInstanceGroupArgs
         {
             InstanceCount = 3,
         },
         ReleaseLabel          = "emr-5.24.1",
         TerminationProtection = true,
     });
Beispiel #10
0
 public MyStack()
 {
     var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
     {
         CidrBlock = "10.0.0.0/16",
     });
     var foo = new Aws.Ec2.Subnet("foo", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = "us-west-2a",
         CidrBlock        = "10.0.1.0/24",
         VpcId            = main.Id,
     });
     var bar = new Aws.Ec2.Subnet("bar", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = "us-west-2b",
         CidrBlock        = "10.0.2.0/24",
         VpcId            = main.Id,
     });
     var connector = new Aws.DirectoryService.Directory("connector", new Aws.DirectoryService.DirectoryArgs
     {
         ConnectSettings = new Aws.DirectoryService.Inputs.DirectoryConnectSettingsArgs
         {
             CustomerDnsIps =
             {
                 "A.B.C.D",
             },
             CustomerUsername = "******",
             SubnetIds        =
             {
                 foo.Id,
                 bar.Id,
             },
             VpcId = main.Id,
         },
         Password = "******",
         Size     = "Small",
         Type     = "ADConnector",
     });
 }
Beispiel #11
0
 public MyStack()
 {
     var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs
     {
         CidrBlock = "10.1.0.0/16",
     });
     var fooSubnet = new Aws.Ec2.Subnet("fooSubnet", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = "us-west-2a",
         CidrBlock        = "10.1.1.0/24",
         Tags             =
         {
             { "Name", "tf-dbsubnet-test-1" },
         },
         VpcId = fooVpc.Id,
     });
     var bar = new Aws.Ec2.Subnet("bar", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = "us-west-2b",
         CidrBlock        = "10.1.2.0/24",
         Tags             =
         {
             { "Name", "tf-dbsubnet-test-2" },
         },
         VpcId = fooVpc.Id,
     });
     var fooSubnetGroup = new Aws.RedShift.SubnetGroup("fooSubnetGroup", new Aws.RedShift.SubnetGroupArgs
     {
         SubnetIds =
         {
             fooSubnet.Id,
             bar.Id,
         },
         Tags =
         {
             { "environment", "Production" },
         },
     });
 }
Beispiel #12
0
 public MyStack()
 {
     var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
     {
         CidrBlock = "10.0.0.0/16",
     });
     var foo = new Aws.Ec2.Subnet("foo", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = "us-west-2a",
         CidrBlock        = "10.0.1.0/24",
         VpcId            = main.Id,
     });
     var barSubnet = new Aws.Ec2.Subnet("barSubnet", new Aws.Ec2.SubnetArgs
     {
         AvailabilityZone = "us-west-2b",
         CidrBlock        = "10.0.2.0/24",
         VpcId            = main.Id,
     });
     var barDirectory = new Aws.DirectoryService.Directory("barDirectory", new Aws.DirectoryService.DirectoryArgs
     {
         Edition  = "Standard",
         Password = "******",
         Tags     =
         {
             { "Project", "foo" },
         },
         Type        = "MicrosoftAD",
         VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs
         {
             SubnetIds =
             {
                 foo.Id,
                 barSubnet.Id,
             },
             VpcId = main.Id,
         },
     });
 }
    static Task <int> Main()
    {
        return(Deployment.RunAsync(async() => {
            var region = Aws.Config.Region;
            var fullProjectStack = $"{Deployment.Instance.ProjectName}-{Deployment.Instance.StackName}";

            // Create the VPC.
            var vpc = new Ec2.Vpc("VPC", new Ec2.VpcArgs {
                CidrBlock = Config.VpcCidr,
                InstanceTenancy = Config.VpcTenancy,
                EnableDnsSupport = true,
                EnableDnsHostnames = true,
                Tags = new Dictionary <string, object> {
                    { "Name", fullProjectStack }
                },
            });

            // Associate DHCP options with our VPC.
            var dhcpOptions = new Ec2.VpcDhcpOptions("DHCPOptions", new Ec2.VpcDhcpOptionsArgs {
                DomainName = (region == "us-east-1" ? "ec2.internal" : $"{region}.compute.internal"),
                DomainNameServers = { "AmazonProvidedDNS" },
            });
            var vpcDhcpOptionsAssociation = new Ec2.VpcDhcpOptionsAssociation("VPCDHCPOptionsAssociation", new Ec2.VpcDhcpOptionsAssociationArgs {
                VpcId = vpc.Id,
                DhcpOptionsId = dhcpOptions.Id,
            });

            // Create an Internet Gateway for our public subnet to connect to the Internet.
            var internetGateway = new Ec2.InternetGateway("InternetGateway", new Ec2.InternetGatewayArgs {
                VpcId = vpc.Id,
                Tags = new Dictionary <string, object> {
                    { "Name", fullProjectStack }
                },
            });

            // Creat a Route Table for public subnets to use the Internet Gateway for 0.0.0.0/0 traffic.
            var publicSubnetRouteTable = new Ec2.RouteTable("PublicSubnetRouteTable", new Ec2.RouteTableArgs {
                VpcId = vpc.Id,
                Tags = new Dictionary <string, object> {
                    { "Name", "Public Subnets" },
                    { "Network", "Public" },
                },
            });
            var publicSubnetRoute = new Ec2.Route("PublicSubnetRoute", new Ec2.RouteArgs {
                RouteTableId = publicSubnetRouteTable.Id,
                DestinationCidrBlock = "0.0.0.0/0",
                GatewayId = internetGateway.Id,
            });

            // For each AZ, create the NAT Gateways and public and private subnets. Keep track of various properties
            // so that they can be exported as top-level stack exports later on.
            var natEips = ImmutableArray.CreateBuilder <Output <string> >();
            var publicSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
            var privateSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
            var protectedSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
            var privateSubnetRouteTableIds = ImmutableArray.CreateBuilder <Output <string> >();
            var publicSubnetCidrs = await Config.GetPublicSubnetCidrs();
            var publicSubnetTags = await Config.GetPublicSubnetTags();
            var privateSubnetCidrs = await Config.GetPrivateSubnetCidrs();
            var privateSubnetTags = await Config.GetPrivateSubnetTags();
            var protectedSubnetCidrs = await Config.GetProtectedSubnetCidrs();
            var protectedSubnetTags = await Config.GetProtectedSubnetTags();

            var azs = await Config.GetAvailabilityZones();
            for (var i = 0; i < azs.Length; i++)
            {
                var az = azs[i];

                // Each AZ gets a public subnet.
                var publicSubnet = new Ec2.Subnet($"PublicSubnet{i}", new Ec2.SubnetArgs {
                    VpcId = vpc.Id,
                    AvailabilityZone = az,
                    CidrBlock = publicSubnetCidrs[i],
                    MapPublicIpOnLaunch = true,
                    Tags = publicSubnetTags[i].Add("Name", $"Public subnet {i}"),
                });
                publicSubnetIds.Add(publicSubnet.Id);

                var publicSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PublicSubnet{i}RouteTableAssociation", new Ec2.RouteTableAssociationArgs {
                    SubnetId = publicSubnet.Id,
                    RouteTableId = publicSubnetRouteTable.Id,
                });

                // If desired, create a NAT Gateway and private subnet for each AZ.
                if (Config.CreatePrivateSubnets)
                {
                    var natEip = new Ec2.Eip($"NAT{i}EIP", new Ec2.EipArgs {
                        Vpc = true
                    }, new CustomResourceOptions {
                        DependsOn = { internetGateway }
                    });
                    var natGateway = new Ec2.NatGateway($"NATGateway{i}", new Ec2.NatGatewayArgs {
                        SubnetId = publicSubnet.Id,
                        AllocationId = natEip.Id,
                    });
                    natEips.Add(natEip.PublicIp);

                    var privateSubnet = new Ec2.Subnet($"PrivateSubnet{i}A", new Ec2.SubnetArgs {
                        VpcId = vpc.Id,
                        AvailabilityZone = az,
                        CidrBlock = privateSubnetCidrs[i],
                        Tags = privateSubnetTags[i].Add("Name", $"Private subnet {i}A"),
                    });
                    privateSubnetIds.Add(privateSubnet.Id);

                    var privateSubnetRouteTable = new Ec2.RouteTable($"PrivateSubnet{i}ARouteTable", new Ec2.RouteTableArgs {
                        VpcId = vpc.Id,
                        Tags = new Dictionary <string, object> {
                            { "Name", $"Private subnet {i}A" },
                            { "Network", "Private" },
                        },
                    });
                    var privateSubnetRoute = new Ec2.Route($"PrivateSubnet{i}ARoute", new Ec2.RouteArgs {
                        RouteTableId = privateSubnetRouteTable.Id,
                        DestinationCidrBlock = "0.0.0.0/0",
                        NatGatewayId = natGateway.Id,
                    });
                    var privateSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PrivateSubnet{i}ARouteTableAssociation", new Ec2.RouteTableAssociationArgs {
                        SubnetId = privateSubnet.Id,
                        RouteTableId = privateSubnetRouteTable.Id,
                    });

                    // Remember the route table ID for the VPC endpoint later.
                    privateSubnetRouteTableIds.Add(privateSubnetRouteTable.Id);

                    // If desired, create additional private subnets with dedicated network ACLs for extra protection.
                    if (Config.CreateProtectedSubnets)
                    {
                        var protectedSubnet = new Ec2.Subnet($"PrivateSubnet{i}B", new Ec2.SubnetArgs {
                            VpcId = vpc.Id,
                            AvailabilityZone = az,
                            CidrBlock = protectedSubnetCidrs[i],
                            Tags = protectedSubnetTags[i].Add("Name", $"Private subnet ${i}B"),
                        });
                        protectedSubnetIds.Add(protectedSubnet.Id);

                        var protectedSubnetRouteTable = new Ec2.RouteTable($"PrivateSubnet{i}BRouteTable", new Ec2.RouteTableArgs {
                            VpcId = vpc.Id,
                            Tags = new Dictionary <string, object> {
                                { "Name", $"Private subnet {i}B" },
                                { "Network", "Private" },
                            },
                        });
                        var protectedSubnetRoute = new Ec2.Route($"PrivateSubnet{i}BRoute", new Ec2.RouteArgs {
                            RouteTableId = protectedSubnetRouteTable.Id,
                            DestinationCidrBlock = "0.0.0.0/0",
                            NatGatewayId = natGateway.Id,
                        });
                        var protectedSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PrivateSubnet{i}BRouteTableAssociation", new Ec2.RouteTableAssociationArgs {
                            SubnetId = protectedSubnet.Id,
                            RouteTableId = protectedSubnetRouteTable.Id,
                        });
                        var protectedSubnetNetworkAcl = new Ec2.NetworkAcl($"PrivateSubnet{i}BNetworkAcl", new Ec2.NetworkAclArgs {
                            VpcId = vpc.Id,
                            SubnetIds = { protectedSubnet.Id },
                            Tags = new Dictionary <string, object> {
                                { "Name", $"NACL protected subnet {i}" },
                                { "Network", "NACL Protected" },
                            },
                        });
                        var protectedSubnetNetworkAclEntryInbound = new Ec2.NetworkAclRule($"PrivateSubnet{i}BNetworkAclEntryInbound", new Ec2.NetworkAclRuleArgs {
                            NetworkAclId = protectedSubnetNetworkAcl.Id,
                            CidrBlock = "0.0.0.0/0",
                            Egress = false,
                            Protocol = "-1",
                            RuleAction = "allow",
                            RuleNumber = 100,
                        });
                        var protectedSubnetNetworkAclEntryOutbound = new Ec2.NetworkAclRule($"PrivateSubnet{i}BNetworkAclEntryOutbound", new Ec2.NetworkAclRuleArgs {
                            NetworkAclId = protectedSubnetNetworkAcl.Id,
                            CidrBlock = "0.0.0.0/0",
                            Egress = true,
                            Protocol = "-1",
                            RuleAction = "allow",
                            RuleNumber = 100,
                        });

                        // Remember the route table ID for the VPC endpoint later.
                        privateSubnetRouteTableIds.Add(protectedSubnetRouteTable.Id);
                    }
                }
            }

            // If we created private subnets, allocate an S3 VPC Endpoint to simplify access to S3.
            Output <string>?s3VpcEndpointId = null;
            if (Config.CreatePrivateSubnets)
            {
                s3VpcEndpointId = new Ec2.VpcEndpoint("S3VPCEndpoint", new Ec2.VpcEndpointArgs {
                    VpcId = vpc.Id,
                    Policy = @"{
    ""Version"": ""2012-10-17"",
    ""Statement"": [{
        ""Action"": ""*"",
        ""Effect"": ""Allow"",
        ""Resource"": ""*"",
        ""Principal"": ""*""
    }]
}
",
                    RouteTableIds = privateSubnetRouteTableIds.ToImmutable(),
                    ServiceName = $"com.amazonaws.{region}.s3",
                }).Id;
            }

            // Export all of the resulting properties that upstream stacks may want to consume.
            return new Dictionary <string, object?>
            {
                { "vpcId", vpc.Id },
                { "vpcCidr", vpc.CidrBlock },
                { "natEips", natEips.ToImmutableArray() },
                { "publicSubnetIds", publicSubnetIds.ToImmutableArray() },
                { "publicSubnetCidrs", publicSubnetCidrs },
                { "publicSubnetRouteTableId", publicSubnetRouteTable.Id },
                { "privateSubnetIds", privateSubnetIds.ToImmutableArray() },
                { "privateSubnetCidrs", privateSubnetCidrs },
                { "protectedSubnetIds", protectedSubnetIds.ToImmutableArray() },
                { "protectedSubnetCidrs", protectedSubnetCidrs },
                { "privateSubnetRouteTableIds", privateSubnetRouteTableIds.ToImmutableArray() },
                { "s3VpcEndpointId", s3VpcEndpointId },
            };
        }));
    }
Beispiel #14
0
    public MyStack()
    {
        var ecsInstanceRoleRole = new Aws.Iam.Role("ecsInstanceRoleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
    ""Version"": ""2012-10-17"",
    ""Statement"": [
	{
	    ""Action"": ""sts:AssumeRole"",
	    ""Effect"": ""Allow"",
	    ""Principal"": {
		""Service"": ""ec2.amazonaws.com""
	    }
	}
    ]
}

",
        });
        var ecsInstanceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("ecsInstanceRoleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
            Role      = ecsInstanceRoleRole.Name,
        });
        var ecsInstanceRoleInstanceProfile = new Aws.Iam.InstanceProfile("ecsInstanceRoleInstanceProfile", new Aws.Iam.InstanceProfileArgs
        {
            Role = ecsInstanceRoleRole.Name,
        });
        var awsBatchServiceRoleRole = new Aws.Iam.Role("awsBatchServiceRoleRole", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = @"{
    ""Version"": ""2012-10-17"",
    ""Statement"": [
	{
	    ""Action"": ""sts:AssumeRole"",
	    ""Effect"": ""Allow"",
	    ""Principal"": {
		""Service"": ""batch.amazonaws.com""
	    }
	}
    ]
}

",
        });
        var awsBatchServiceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("awsBatchServiceRoleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
        {
            PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole",
            Role      = awsBatchServiceRoleRole.Name,
        });
        var sampleSecurityGroup = new Aws.Ec2.SecurityGroup("sampleSecurityGroup", new Aws.Ec2.SecurityGroupArgs
        {
            Egress =
            {
                new Aws.Ec2.Inputs.SecurityGroupEgressArgs
                {
                    CidrBlocks =
                    {
                        "0.0.0.0/0",
                    },
                    FromPort = 0,
                    Protocol = "-1",
                    ToPort   = 0,
                },
            },
        });
        var sampleVpc = new Aws.Ec2.Vpc("sampleVpc", new Aws.Ec2.VpcArgs
        {
            CidrBlock = "10.1.0.0/16",
        });
        var sampleSubnet = new Aws.Ec2.Subnet("sampleSubnet", new Aws.Ec2.SubnetArgs
        {
            CidrBlock = "10.1.1.0/24",
            VpcId     = sampleVpc.Id,
        });
        var sampleComputeEnvironment = new Aws.Batch.ComputeEnvironment("sampleComputeEnvironment", new Aws.Batch.ComputeEnvironmentArgs
        {
            ComputeEnvironmentName = "sample",
            ComputeResources       = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs
            {
                InstanceRole = ecsInstanceRoleInstanceProfile.Arn,
                InstanceType =
                {
                    "c4.large",
                },
                MaxVcpus         = 16,
                MinVcpus         = 0,
                SecurityGroupIds =
                {
                    sampleSecurityGroup.Id,
                },
                Subnets =
                {
                    sampleSubnet.Id,
                },
                Type = "EC2",
            },
            ServiceRole = awsBatchServiceRoleRole.Arn,
            Type        = "MANAGED",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                "aws_iam_role_policy_attachment.aws_batch_service_role",
            },
        });
    }