public MyStack()
{
var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
Tags =
{
{ "Name", "tf-test" },
},
});
var fooSubnet = new Aws.Ec2.Subnet("fooSubnet", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.0.0/24",
Tags =
{
{ "Name", "tf-test" },
},
VpcId = fooVpc.Id,
});
var bar = new Aws.ElastiCache.SubnetGroup("bar", new Aws.ElastiCache.SubnetGroupArgs
{
SubnetIds =
{
fooSubnet.Id,
},
});
}
public MyStack()
{
var main = new Aws.Ec2.Subnet("main", new Aws.Ec2.SubnetArgs
{
CidrBlock = "10.0.1.0/24",
Tags =
{
{ "Name", "Main" },
},
VpcId = aws_vpc.Main.Id,
});
}
private static void ConfigureNetworking()
{
var vpc = new Ec2.Vpc($"{baseName}-vpc", new Ec2.VpcArgs()
{
EnableDnsSupport = true,
EnableDnsHostnames = true,
CidrBlock = "10.0.0.0/16",
});
var subnetOne = new Ec2.Subnet($"{baseName}-subnet-one", new Ec2.SubnetArgs()
{
VpcId = vpc.Id,
CidrBlock = "10.0.0.0/24",
MapPublicIpOnLaunch = true,
AvailabilityZone = "eu-west-1a",
});
var subnetTwo = new Ec2.Subnet($"{baseName}-subnet-two", new Ec2.SubnetArgs()
{
VpcId = vpc.Id,
CidrBlock = "10.0.1.0/24",
MapPublicIpOnLaunch = true,
AvailabilityZone = "eu-west-1b",
});
var gateway = new Ec2.InternetGateway($"{baseName}-gateway", new Ec2.InternetGatewayArgs()
{
VpcId = vpc.Id,
});
var routeTable = new Ec2.RouteTable($"{baseName}-routetable", new Ec2.RouteTableArgs()
{
VpcId = vpc.Id,
});
var publicRoute = new Ec2.Route($"{baseName}-publicroute", new Ec2.RouteArgs()
{
RouteTableId = routeTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
GatewayId = gateway.Id,
});
var subnetOneRouteAssociation = new Ec2.RouteTableAssociation($"{baseName}-subnetoneroutes", new Ec2.RouteTableAssociationArgs()
{
SubnetId = subnetOne.Id,
RouteTableId = routeTable.Id,
});
vpcId = vpc.Id;
subnetId = subnetOne.Id;
subnetTwoId = subnetTwo.Id;
}
public MyStack()
{
var secondaryCidr = new Aws.Ec2.VpcIpv4CidrBlockAssociation("secondaryCidr", new Aws.Ec2.VpcIpv4CidrBlockAssociationArgs
{
CidrBlock = "172.2.0.0/16",
VpcId = aws_vpc.Main.Id,
});
var inSecondaryCidr = new Aws.Ec2.Subnet("inSecondaryCidr", new Aws.Ec2.SubnetArgs
{
CidrBlock = "172.2.0.0/24",
VpcId = secondaryCidr.VpcId,
});
}
public MyStack()
{
var config = new Config();
var securityGroupId = config.RequireObject <dynamic>("securityGroupId");
var selected = Output.Create(Aws.Ec2.GetSecurityGroup.InvokeAsync(new Aws.Ec2.GetSecurityGroupArgs
{
Id = securityGroupId,
}));
var subnet = new Aws.Ec2.Subnet("subnet", new Aws.Ec2.SubnetArgs
{
CidrBlock = "10.0.1.0/24",
VpcId = selected.Apply(selected => selected.VpcId),
});
}
public MyStack()
{
var available = Output.Create(Aws.GetAvailabilityZones.InvokeAsync(new Aws.GetAvailabilityZonesArgs
{
State = "available",
}));
var primary = new Aws.Ec2.Subnet("primary", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = available.Apply(available => available.Names[0]),
});
// ...
var secondary = new Aws.Ec2.Subnet("secondary", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = available.Apply(available => available.Names[1]),
});
// ...
}
public MyStack()
{
var foo = new Aws.Ec2.Vpc("foo", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var alphaSubnet = new Aws.Ec2.Subnet("alphaSubnet", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.1.0/24",
VpcId = foo.Id,
});
var alphaMountTarget = new Aws.Efs.MountTarget("alphaMountTarget", new Aws.Efs.MountTargetArgs
{
FileSystemId = aws_efs_file_system.Foo.Id,
SubnetId = alphaSubnet.Id,
});
}
public MyStack()
{
var mainVpc = new Aws.Ec2.Vpc("mainVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var private_a = new Aws.Ec2.Subnet("private-a", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-east-1a",
CidrBlock = "10.0.0.0/24",
VpcId = mainVpc.Id,
});
var private_b = new Aws.Ec2.Subnet("private-b", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-east-1b",
CidrBlock = "10.0.1.0/24",
VpcId = mainVpc.Id,
});
var mainDirectory = new Aws.DirectoryService.Directory("mainDirectory", new Aws.DirectoryService.DirectoryArgs
{
Password = "******",
Size = "Small",
VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs
{
SubnetIds =
{
private_a.Id,
private_b.Id,
},
VpcId = mainVpc.Id,
},
});
var mainWorkspaces_directoryDirectory = new Aws.Workspaces.Directory("mainWorkspaces/directoryDirectory", new Aws.Workspaces.DirectoryArgs
{
DirectoryId = mainDirectory.Id,
SelfServicePermissions = new Aws.Workspaces.Inputs.DirectorySelfServicePermissionsArgs
{
IncreaseVolumeSize = true,
RebuildWorkspace = true,
},
});
}
public MyStack()
{
// Map public IP on launch must be enabled for public (Internet accessible) subnets
var exampleSubnet = new Aws.Ec2.Subnet("exampleSubnet", new Aws.Ec2.SubnetArgs
{
MapPublicIpOnLaunch = true,
});
var exampleCluster = new Aws.Emr.Cluster("exampleCluster", new Aws.Emr.ClusterArgs
{
CoreInstanceGroup =,
Ec2Attributes = new Aws.Emr.Inputs.ClusterEc2AttributesArgs
{
SubnetId = exampleSubnet.Id,
},
MasterInstanceGroup = new Aws.Emr.Inputs.ClusterMasterInstanceGroupArgs
{
InstanceCount = 3,
},
ReleaseLabel = "emr-5.24.1",
TerminationProtection = true,
});
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var foo = new Aws.Ec2.Subnet("foo", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.1.0/24",
VpcId = main.Id,
});
var bar = new Aws.Ec2.Subnet("bar", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2b",
CidrBlock = "10.0.2.0/24",
VpcId = main.Id,
});
var connector = new Aws.DirectoryService.Directory("connector", new Aws.DirectoryService.DirectoryArgs
{
ConnectSettings = new Aws.DirectoryService.Inputs.DirectoryConnectSettingsArgs
{
CustomerDnsIps =
{
"A.B.C.D",
},
CustomerUsername = "******",
SubnetIds =
{
foo.Id,
bar.Id,
},
VpcId = main.Id,
},
Password = "******",
Size = "Small",
Type = "ADConnector",
});
}
public MyStack()
{
var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var fooSubnet = new Aws.Ec2.Subnet("fooSubnet", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2a",
CidrBlock = "10.1.1.0/24",
Tags =
{
{ "Name", "tf-dbsubnet-test-1" },
},
VpcId = fooVpc.Id,
});
var bar = new Aws.Ec2.Subnet("bar", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2b",
CidrBlock = "10.1.2.0/24",
Tags =
{
{ "Name", "tf-dbsubnet-test-2" },
},
VpcId = fooVpc.Id,
});
var fooSubnetGroup = new Aws.RedShift.SubnetGroup("fooSubnetGroup", new Aws.RedShift.SubnetGroupArgs
{
SubnetIds =
{
fooSubnet.Id,
bar.Id,
},
Tags =
{
{ "environment", "Production" },
},
});
}
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var foo = new Aws.Ec2.Subnet("foo", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.1.0/24",
VpcId = main.Id,
});
var barSubnet = new Aws.Ec2.Subnet("barSubnet", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2b",
CidrBlock = "10.0.2.0/24",
VpcId = main.Id,
});
var barDirectory = new Aws.DirectoryService.Directory("barDirectory", new Aws.DirectoryService.DirectoryArgs
{
Edition = "Standard",
Password = "******",
Tags =
{
{ "Project", "foo" },
},
Type = "MicrosoftAD",
VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs
{
SubnetIds =
{
foo.Id,
barSubnet.Id,
},
VpcId = main.Id,
},
});
}
static Task <int> Main()
{
return(Deployment.RunAsync(async() => {
var region = Aws.Config.Region;
var fullProjectStack = $"{Deployment.Instance.ProjectName}-{Deployment.Instance.StackName}";
// Create the VPC.
var vpc = new Ec2.Vpc("VPC", new Ec2.VpcArgs {
CidrBlock = Config.VpcCidr,
InstanceTenancy = Config.VpcTenancy,
EnableDnsSupport = true,
EnableDnsHostnames = true,
Tags = new Dictionary <string, object> {
{ "Name", fullProjectStack }
},
});
// Associate DHCP options with our VPC.
var dhcpOptions = new Ec2.VpcDhcpOptions("DHCPOptions", new Ec2.VpcDhcpOptionsArgs {
DomainName = (region == "us-east-1" ? "ec2.internal" : $"{region}.compute.internal"),
DomainNameServers = { "AmazonProvidedDNS" },
});
var vpcDhcpOptionsAssociation = new Ec2.VpcDhcpOptionsAssociation("VPCDHCPOptionsAssociation", new Ec2.VpcDhcpOptionsAssociationArgs {
VpcId = vpc.Id,
DhcpOptionsId = dhcpOptions.Id,
});
// Create an Internet Gateway for our public subnet to connect to the Internet.
var internetGateway = new Ec2.InternetGateway("InternetGateway", new Ec2.InternetGatewayArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", fullProjectStack }
},
});
// Creat a Route Table for public subnets to use the Internet Gateway for 0.0.0.0/0 traffic.
var publicSubnetRouteTable = new Ec2.RouteTable("PublicSubnetRouteTable", new Ec2.RouteTableArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", "Public Subnets" },
{ "Network", "Public" },
},
});
var publicSubnetRoute = new Ec2.Route("PublicSubnetRoute", new Ec2.RouteArgs {
RouteTableId = publicSubnetRouteTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
GatewayId = internetGateway.Id,
});
// For each AZ, create the NAT Gateways and public and private subnets. Keep track of various properties
// so that they can be exported as top-level stack exports later on.
var natEips = ImmutableArray.CreateBuilder <Output <string> >();
var publicSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
var privateSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
var protectedSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
var privateSubnetRouteTableIds = ImmutableArray.CreateBuilder <Output <string> >();
var publicSubnetCidrs = await Config.GetPublicSubnetCidrs();
var publicSubnetTags = await Config.GetPublicSubnetTags();
var privateSubnetCidrs = await Config.GetPrivateSubnetCidrs();
var privateSubnetTags = await Config.GetPrivateSubnetTags();
var protectedSubnetCidrs = await Config.GetProtectedSubnetCidrs();
var protectedSubnetTags = await Config.GetProtectedSubnetTags();
var azs = await Config.GetAvailabilityZones();
for (var i = 0; i < azs.Length; i++)
{
var az = azs[i];
// Each AZ gets a public subnet.
var publicSubnet = new Ec2.Subnet($"PublicSubnet{i}", new Ec2.SubnetArgs {
VpcId = vpc.Id,
AvailabilityZone = az,
CidrBlock = publicSubnetCidrs[i],
MapPublicIpOnLaunch = true,
Tags = publicSubnetTags[i].Add("Name", $"Public subnet {i}"),
});
publicSubnetIds.Add(publicSubnet.Id);
var publicSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PublicSubnet{i}RouteTableAssociation", new Ec2.RouteTableAssociationArgs {
SubnetId = publicSubnet.Id,
RouteTableId = publicSubnetRouteTable.Id,
});
// If desired, create a NAT Gateway and private subnet for each AZ.
if (Config.CreatePrivateSubnets)
{
var natEip = new Ec2.Eip($"NAT{i}EIP", new Ec2.EipArgs {
Vpc = true
}, new CustomResourceOptions {
DependsOn = { internetGateway }
});
var natGateway = new Ec2.NatGateway($"NATGateway{i}", new Ec2.NatGatewayArgs {
SubnetId = publicSubnet.Id,
AllocationId = natEip.Id,
});
natEips.Add(natEip.PublicIp);
var privateSubnet = new Ec2.Subnet($"PrivateSubnet{i}A", new Ec2.SubnetArgs {
VpcId = vpc.Id,
AvailabilityZone = az,
CidrBlock = privateSubnetCidrs[i],
Tags = privateSubnetTags[i].Add("Name", $"Private subnet {i}A"),
});
privateSubnetIds.Add(privateSubnet.Id);
var privateSubnetRouteTable = new Ec2.RouteTable($"PrivateSubnet{i}ARouteTable", new Ec2.RouteTableArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", $"Private subnet {i}A" },
{ "Network", "Private" },
},
});
var privateSubnetRoute = new Ec2.Route($"PrivateSubnet{i}ARoute", new Ec2.RouteArgs {
RouteTableId = privateSubnetRouteTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
NatGatewayId = natGateway.Id,
});
var privateSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PrivateSubnet{i}ARouteTableAssociation", new Ec2.RouteTableAssociationArgs {
SubnetId = privateSubnet.Id,
RouteTableId = privateSubnetRouteTable.Id,
});
// Remember the route table ID for the VPC endpoint later.
privateSubnetRouteTableIds.Add(privateSubnetRouteTable.Id);
// If desired, create additional private subnets with dedicated network ACLs for extra protection.
if (Config.CreateProtectedSubnets)
{
var protectedSubnet = new Ec2.Subnet($"PrivateSubnet{i}B", new Ec2.SubnetArgs {
VpcId = vpc.Id,
AvailabilityZone = az,
CidrBlock = protectedSubnetCidrs[i],
Tags = protectedSubnetTags[i].Add("Name", $"Private subnet ${i}B"),
});
protectedSubnetIds.Add(protectedSubnet.Id);
var protectedSubnetRouteTable = new Ec2.RouteTable($"PrivateSubnet{i}BRouteTable", new Ec2.RouteTableArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", $"Private subnet {i}B" },
{ "Network", "Private" },
},
});
var protectedSubnetRoute = new Ec2.Route($"PrivateSubnet{i}BRoute", new Ec2.RouteArgs {
RouteTableId = protectedSubnetRouteTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
NatGatewayId = natGateway.Id,
});
var protectedSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PrivateSubnet{i}BRouteTableAssociation", new Ec2.RouteTableAssociationArgs {
SubnetId = protectedSubnet.Id,
RouteTableId = protectedSubnetRouteTable.Id,
});
var protectedSubnetNetworkAcl = new Ec2.NetworkAcl($"PrivateSubnet{i}BNetworkAcl", new Ec2.NetworkAclArgs {
VpcId = vpc.Id,
SubnetIds = { protectedSubnet.Id },
Tags = new Dictionary <string, object> {
{ "Name", $"NACL protected subnet {i}" },
{ "Network", "NACL Protected" },
},
});
var protectedSubnetNetworkAclEntryInbound = new Ec2.NetworkAclRule($"PrivateSubnet{i}BNetworkAclEntryInbound", new Ec2.NetworkAclRuleArgs {
NetworkAclId = protectedSubnetNetworkAcl.Id,
CidrBlock = "0.0.0.0/0",
Egress = false,
Protocol = "-1",
RuleAction = "allow",
RuleNumber = 100,
});
var protectedSubnetNetworkAclEntryOutbound = new Ec2.NetworkAclRule($"PrivateSubnet{i}BNetworkAclEntryOutbound", new Ec2.NetworkAclRuleArgs {
NetworkAclId = protectedSubnetNetworkAcl.Id,
CidrBlock = "0.0.0.0/0",
Egress = true,
Protocol = "-1",
RuleAction = "allow",
RuleNumber = 100,
});
// Remember the route table ID for the VPC endpoint later.
privateSubnetRouteTableIds.Add(protectedSubnetRouteTable.Id);
}
}
}
// If we created private subnets, allocate an S3 VPC Endpoint to simplify access to S3.
Output <string>?s3VpcEndpointId = null;
if (Config.CreatePrivateSubnets)
{
s3VpcEndpointId = new Ec2.VpcEndpoint("S3VPCEndpoint", new Ec2.VpcEndpointArgs {
VpcId = vpc.Id,
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Action"": ""*"",
""Effect"": ""Allow"",
""Resource"": ""*"",
""Principal"": ""*""
}]
}
",
RouteTableIds = privateSubnetRouteTableIds.ToImmutable(),
ServiceName = $"com.amazonaws.{region}.s3",
}).Id;
}
// Export all of the resulting properties that upstream stacks may want to consume.
return new Dictionary <string, object?>
{
{ "vpcId", vpc.Id },
{ "vpcCidr", vpc.CidrBlock },
{ "natEips", natEips.ToImmutableArray() },
{ "publicSubnetIds", publicSubnetIds.ToImmutableArray() },
{ "publicSubnetCidrs", publicSubnetCidrs },
{ "publicSubnetRouteTableId", publicSubnetRouteTable.Id },
{ "privateSubnetIds", privateSubnetIds.ToImmutableArray() },
{ "privateSubnetCidrs", privateSubnetCidrs },
{ "protectedSubnetIds", protectedSubnetIds.ToImmutableArray() },
{ "protectedSubnetCidrs", protectedSubnetCidrs },
{ "privateSubnetRouteTableIds", privateSubnetRouteTableIds.ToImmutableArray() },
{ "s3VpcEndpointId", s3VpcEndpointId },
};
}));
}
public MyStack()
{
var ecsInstanceRoleRole = new Aws.Iam.Role("ecsInstanceRoleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
}
}
]
}
",
});
var ecsInstanceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("ecsInstanceRoleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
Role = ecsInstanceRoleRole.Name,
});
var ecsInstanceRoleInstanceProfile = new Aws.Iam.InstanceProfile("ecsInstanceRoleInstanceProfile", new Aws.Iam.InstanceProfileArgs
{
Role = ecsInstanceRoleRole.Name,
});
var awsBatchServiceRoleRole = new Aws.Iam.Role("awsBatchServiceRoleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""batch.amazonaws.com""
}
}
]
}
",
});
var awsBatchServiceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("awsBatchServiceRoleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole",
Role = awsBatchServiceRoleRole.Name,
});
var sampleSecurityGroup = new Aws.Ec2.SecurityGroup("sampleSecurityGroup", new Aws.Ec2.SecurityGroupArgs
{
Egress =
{
new Aws.Ec2.Inputs.SecurityGroupEgressArgs
{
CidrBlocks =
{
"0.0.0.0/0",
},
FromPort = 0,
Protocol = "-1",
ToPort = 0,
},
},
});
var sampleVpc = new Aws.Ec2.Vpc("sampleVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var sampleSubnet = new Aws.Ec2.Subnet("sampleSubnet", new Aws.Ec2.SubnetArgs
{
CidrBlock = "10.1.1.0/24",
VpcId = sampleVpc.Id,
});
var sampleComputeEnvironment = new Aws.Batch.ComputeEnvironment("sampleComputeEnvironment", new Aws.Batch.ComputeEnvironmentArgs
{
ComputeEnvironmentName = "sample",
ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs
{
InstanceRole = ecsInstanceRoleInstanceProfile.Arn,
InstanceType =
{
"c4.large",
},
MaxVcpus = 16,
MinVcpus = 0,
SecurityGroupIds =
{
sampleSecurityGroup.Id,
},
Subnets =
{
sampleSubnet.Id,
},
Type = "EC2",
},
ServiceRole = awsBatchServiceRoleRole.Arn,
Type = "MANAGED",
}, new CustomResourceOptions
{
DependsOn =
{
"aws_iam_role_policy_attachment.aws_batch_service_role",
},
});
}