public MyStack()
{
var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
EnableDnsHostnames = true,
EnableDnsSupport = true,
});
var examplePrivateDnsNamespace = new Aws.ServiceDiscovery.PrivateDnsNamespace("examplePrivateDnsNamespace", new Aws.ServiceDiscovery.PrivateDnsNamespaceArgs
{
Description = "example",
Vpc = exampleVpc.Id,
});
var exampleService = new Aws.ServiceDiscovery.Service("exampleService", new Aws.ServiceDiscovery.ServiceArgs
{
DnsConfig = new Aws.ServiceDiscovery.Inputs.ServiceDnsConfigArgs
{
DnsRecords =
{
new Aws.ServiceDiscovery.Inputs.ServiceDnsConfigDnsRecordArgs
{
Ttl = 10,
Type = "A",
},
},
NamespaceId = examplePrivateDnsNamespace.Id,
RoutingPolicy = "MULTIVALUE",
},
HealthCheckCustomConfig = new Aws.ServiceDiscovery.Inputs.ServiceHealthCheckCustomConfigArgs
{
FailureThreshold = 1,
},
});
}
public MyStack()
{
var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
Tags =
{
{ "Name", "tf-test" },
},
});
var fooSubnet = new Aws.Ec2.Subnet("fooSubnet", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.0.0/24",
Tags =
{
{ "Name", "tf-test" },
},
VpcId = fooVpc.Id,
});
var bar = new Aws.ElastiCache.SubnetGroup("bar", new Aws.ElastiCache.SubnetGroupArgs
{
SubnetIds =
{
fooSubnet.Id,
},
});
}
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
}
public MyStack()
{
var vpc = new Aws.Ec2.Vpc("vpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var vpnGateway = new Aws.Ec2.VpnGateway("vpnGateway", new Aws.Ec2.VpnGatewayArgs
{
VpcId = vpc.Id,
});
var customerGateway = new Aws.Ec2.CustomerGateway("customerGateway", new Aws.Ec2.CustomerGatewayArgs
{
BgpAsn = 65000,
IpAddress = "172.0.0.1",
Type = "ipsec.1",
});
var main = new Aws.Ec2.VpnConnection("main", new Aws.Ec2.VpnConnectionArgs
{
CustomerGatewayId = customerGateway.Id,
StaticRoutesOnly = true,
Type = "ipsec.1",
VpnGatewayId = vpnGateway.Id,
});
var office = new Aws.Ec2.VpnConnectionRoute("office", new Aws.Ec2.VpnConnectionRouteArgs
{
DestinationCidrBlock = "192.168.10.0/24",
VpnConnectionId = main.Id,
});
}
public MyStack()
{
var exampleGateway = new Aws.DirectConnect.Gateway("exampleGateway", new Aws.DirectConnect.GatewayArgs
{
AmazonSideAsn = "64512",
});
var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.255.255.0/28",
});
var exampleVpnGateway = new Aws.Ec2.VpnGateway("exampleVpnGateway", new Aws.Ec2.VpnGatewayArgs
{
VpcId = exampleVpc.Id,
});
var exampleGatewayAssociation = new Aws.DirectConnect.GatewayAssociation("exampleGatewayAssociation", new Aws.DirectConnect.GatewayAssociationArgs
{
AllowedPrefixes =
{
"210.52.109.0/24",
"175.45.176.0/22",
},
AssociatedGatewayId = exampleVpnGateway.Id,
DxGatewayId = exampleGateway.Id,
});
}
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var secondaryCidr = new Aws.Ec2.VpcIpv4CidrBlockAssociation("secondaryCidr", new Aws.Ec2.VpcIpv4CidrBlockAssociationArgs
{
CidrBlock = "172.2.0.0/16",
VpcId = main.Id,
});
}
public MyStack()
{
var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var examplePrivateDnsNamespace = new Aws.ServiceDiscovery.PrivateDnsNamespace("examplePrivateDnsNamespace", new Aws.ServiceDiscovery.PrivateDnsNamespaceArgs
{
Description = "example",
Vpc = exampleVpc.Id,
});
}
private static void ConfigureNetworking()
{
var vpc = new Ec2.Vpc($"{baseName}-vpc", new Ec2.VpcArgs()
{
EnableDnsSupport = true,
EnableDnsHostnames = true,
CidrBlock = "10.0.0.0/16",
});
var subnetOne = new Ec2.Subnet($"{baseName}-subnet-one", new Ec2.SubnetArgs()
{
VpcId = vpc.Id,
CidrBlock = "10.0.0.0/24",
MapPublicIpOnLaunch = true,
AvailabilityZone = "eu-west-1a",
});
var subnetTwo = new Ec2.Subnet($"{baseName}-subnet-two", new Ec2.SubnetArgs()
{
VpcId = vpc.Id,
CidrBlock = "10.0.1.0/24",
MapPublicIpOnLaunch = true,
AvailabilityZone = "eu-west-1b",
});
var gateway = new Ec2.InternetGateway($"{baseName}-gateway", new Ec2.InternetGatewayArgs()
{
VpcId = vpc.Id,
});
var routeTable = new Ec2.RouteTable($"{baseName}-routetable", new Ec2.RouteTableArgs()
{
VpcId = vpc.Id,
});
var publicRoute = new Ec2.Route($"{baseName}-publicroute", new Ec2.RouteArgs()
{
RouteTableId = routeTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
GatewayId = gateway.Id,
});
var subnetOneRouteAssociation = new Ec2.RouteTableAssociation($"{baseName}-subnetoneroutes", new Ec2.RouteTableAssociationArgs()
{
SubnetId = subnetOne.Id,
RouteTableId = routeTable.Id,
});
vpcId = vpc.Id;
subnetId = subnetOne.Id;
subnetTwoId = subnetTwo.Id;
}
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var test = new Aws.LB.TargetGroup("test", new Aws.LB.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
VpcId = main.Id,
});
}
public MyStack()
{
var aws_vpc = new Aws.Ec2.Vpc("aws_vpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
InstanceTenancy = "default",
});
var privateS3VpcEndpoint = new Aws.Ec2.VpcEndpoint("privateS3VpcEndpoint", new Aws.Ec2.VpcEndpointArgs
{
VpcId = aws_vpc.Id,
ServiceName = "com.amazonaws.us-west-2.s3",
});
var privateS3PrefixList = Aws.Ec2.GetPrefixList.Invoke(new Aws.Ec2.GetPrefixListInvokeArgs
{
PrefixListId = privateS3VpcEndpoint.PrefixListId,
});
var bar = new Aws.Ec2.NetworkAcl("bar", new Aws.Ec2.NetworkAclArgs
{
VpcId = aws_vpc.Id,
});
var privateS3NetworkAclRule = new Aws.Ec2.NetworkAclRule("privateS3NetworkAclRule", new Aws.Ec2.NetworkAclRuleArgs
{
NetworkAclId = bar.Id,
RuleNumber = 200,
Egress = false,
Protocol = "tcp",
RuleAction = "allow",
CidrBlock = privateS3PrefixList.Apply(privateS3PrefixList => privateS3PrefixList.CidrBlocks[0]),
FromPort = 443,
ToPort = 443,
});
var amis = Aws.Ec2.GetAmiIds.Invoke(new Aws.Ec2.GetAmiIdsInvokeArgs
{
Owners =
{
bar.Id,
},
Filters =
{
new Aws.Ec2.Inputs.GetAmiIdsFilterInputArgs
{
Name = bar.Id,
Values =
{
"pulumi*",
},
},
},
});
}
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var ip_example = new Aws.LB.TargetGroup("ip-example", new Aws.LB.TargetGroupArgs
{
Port = 80,
Protocol = "HTTP",
TargetType = "ip",
VpcId = main.Id,
});
}
public MyStack()
{
var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
{
AssignGeneratedIpv6CidrBlock = true,
CidrBlock = "10.1.0.0/16",
});
var exampleEgressOnlyInternetGateway = new Aws.Ec2.EgressOnlyInternetGateway("exampleEgressOnlyInternetGateway", new Aws.Ec2.EgressOnlyInternetGatewayArgs
{
Tags =
{
{ "Name", "main" },
},
VpcId = exampleVpc.Id,
});
}
public MyStack()
{
var exampleLocalGatewayRouteTable = Output.Create(Aws.Ec2.GetLocalGatewayRouteTable.InvokeAsync(new Aws.Ec2.GetLocalGatewayRouteTableArgs
{
OutpostArn = "arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef",
}));
var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var exampleLocalGatewayRouteTableVpcAssociation = new Aws.Ec2.LocalGatewayRouteTableVpcAssociation("exampleLocalGatewayRouteTableVpcAssociation", new Aws.Ec2.LocalGatewayRouteTableVpcAssociationArgs
{
LocalGatewayRouteTableId = exampleLocalGatewayRouteTable.Apply(exampleLocalGatewayRouteTable => exampleLocalGatewayRouteTable.Id),
VpcId = exampleVpc.Id,
});
}
public MyStack()
{
var peer = new Aws.Provider("peer", new Aws.ProviderArgs
{
Region = "us-west-2",
});
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var peerVpc = new Aws.Ec2.Vpc("peerVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
}, new CustomResourceOptions
{
Provider = "aws.peer",
});
var peerCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
// Requester's side of the connection.
var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection("peerVpcPeeringConnection", new Aws.Ec2.VpcPeeringConnectionArgs
{
AutoAccept = false,
PeerOwnerId = peerCallerIdentity.Apply(peerCallerIdentity => peerCallerIdentity.AccountId),
PeerRegion = "us-west-2",
PeerVpcId = peerVpc.Id,
Tags =
{
{ "Side", "Requester" },
},
VpcId = main.Id,
});
// Accepter's side of the connection.
var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter("peerVpcPeeringConnectionAccepter", new Aws.Ec2.VpcPeeringConnectionAccepterArgs
{
AutoAccept = true,
Tags =
{
{ "Side", "Accepter" },
},
VpcPeeringConnectionId = peerVpcPeeringConnection.Id,
}, new CustomResourceOptions
{
Provider = "aws.peer",
});
}
public MyStack()
{
var s3 = Output.Create(Aws.Ec2.GetVpcEndpointService.InvokeAsync(new Aws.Ec2.GetVpcEndpointServiceArgs
{
Service = "s3",
}));
// Create a VPC
var foo = new Aws.Ec2.Vpc("foo", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
// Create a VPC endpoint
var ep = new Aws.Ec2.VpcEndpoint("ep", new Aws.Ec2.VpcEndpointArgs
{
ServiceName = s3.Apply(s3 => s3.ServiceName),
VpcId = foo.Id,
});
}
public MyStack()
{
var foo = new Aws.Ec2.Vpc("foo", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var alphaSubnet = new Aws.Ec2.Subnet("alphaSubnet", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.1.0/24",
VpcId = foo.Id,
});
var alphaMountTarget = new Aws.Efs.MountTarget("alphaMountTarget", new Aws.Efs.MountTargetArgs
{
FileSystemId = aws_efs_file_system.Foo.Id,
SubnetId = alphaSubnet.Id,
});
}
public MyStack()
{
var network = new Aws.Ec2.Vpc("network", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var vpn = new Aws.Ec2.VpnGateway("vpn", new Aws.Ec2.VpnGatewayArgs
{
Tags =
{
{ "Name", "example-vpn-gateway" },
},
});
var vpnAttachment = new Aws.Ec2.VpnGatewayAttachment("vpnAttachment", new Aws.Ec2.VpnGatewayAttachmentArgs
{
VpcId = network.Id,
VpnGatewayId = vpn.Id,
});
}
public MyStack()
{
var mainVpc = new Aws.Ec2.Vpc("mainVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var private_a = new Aws.Ec2.Subnet("private-a", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-east-1a",
CidrBlock = "10.0.0.0/24",
VpcId = mainVpc.Id,
});
var private_b = new Aws.Ec2.Subnet("private-b", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-east-1b",
CidrBlock = "10.0.1.0/24",
VpcId = mainVpc.Id,
});
var mainDirectory = new Aws.DirectoryService.Directory("mainDirectory", new Aws.DirectoryService.DirectoryArgs
{
Password = "******",
Size = "Small",
VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs
{
SubnetIds =
{
private_a.Id,
private_b.Id,
},
VpcId = mainVpc.Id,
},
});
var mainWorkspaces_directoryDirectory = new Aws.Workspaces.Directory("mainWorkspaces/directoryDirectory", new Aws.Workspaces.DirectoryArgs
{
DirectoryId = mainDirectory.Id,
SelfServicePermissions = new Aws.Workspaces.Inputs.DirectorySelfServicePermissionsArgs
{
IncreaseVolumeSize = true,
RebuildWorkspace = true,
},
});
}
public MyStack()
{
var exampleGateway = new Aws.DirectConnect.Gateway("exampleGateway", new Aws.DirectConnect.GatewayArgs
{
AmazonSideAsn = "64512",
});
var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.255.255.0/28",
});
var exampleVpnGateway = new Aws.Ec2.VpnGateway("exampleVpnGateway", new Aws.Ec2.VpnGatewayArgs
{
VpcId = exampleVpc.Id,
});
var exampleGatewayAssociation = new Aws.DirectConnect.GatewayAssociation("exampleGatewayAssociation", new Aws.DirectConnect.GatewayAssociationArgs
{
AssociatedGatewayId = exampleVpnGateway.Id,
DxGatewayId = exampleGateway.Id,
});
}
public MyStack()
{
var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var fooSubnet = new Aws.Ec2.Subnet("fooSubnet", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2a",
CidrBlock = "10.1.1.0/24",
Tags =
{
{ "Name", "tf-dbsubnet-test-1" },
},
VpcId = fooVpc.Id,
});
var bar = new Aws.Ec2.Subnet("bar", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2b",
CidrBlock = "10.1.2.0/24",
Tags =
{
{ "Name", "tf-dbsubnet-test-2" },
},
VpcId = fooVpc.Id,
});
var fooSubnetGroup = new Aws.RedShift.SubnetGroup("fooSubnetGroup", new Aws.RedShift.SubnetGroupArgs
{
SubnetIds =
{
fooSubnet.Id,
bar.Id,
},
Tags =
{
{ "environment", "Production" },
},
});
}
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var foo = new Aws.Ec2.Subnet("foo", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.1.0/24",
VpcId = main.Id,
});
var bar = new Aws.Ec2.Subnet("bar", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2b",
CidrBlock = "10.0.2.0/24",
VpcId = main.Id,
});
var connector = new Aws.DirectoryService.Directory("connector", new Aws.DirectoryService.DirectoryArgs
{
ConnectSettings = new Aws.DirectoryService.Inputs.DirectoryConnectSettingsArgs
{
CustomerDnsIps =
{
"A.B.C.D",
},
CustomerUsername = "******",
SubnetIds =
{
foo.Id,
bar.Id,
},
VpcId = main.Id,
},
Password = "******",
Size = "Small",
Type = "ADConnector",
});
}
public MyStack()
{
var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.0.0.0/16",
});
var foo = new Aws.Ec2.Subnet("foo", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2a",
CidrBlock = "10.0.1.0/24",
VpcId = main.Id,
});
var barSubnet = new Aws.Ec2.Subnet("barSubnet", new Aws.Ec2.SubnetArgs
{
AvailabilityZone = "us-west-2b",
CidrBlock = "10.0.2.0/24",
VpcId = main.Id,
});
var barDirectory = new Aws.DirectoryService.Directory("barDirectory", new Aws.DirectoryService.DirectoryArgs
{
Edition = "Standard",
Password = "******",
Tags =
{
{ "Project", "foo" },
},
Type = "MicrosoftAD",
VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs
{
SubnetIds =
{
foo.Id,
barSubnet.Id,
},
VpcId = main.Id,
},
});
}
static Task <int> Main()
{
return(Deployment.RunAsync(async() => {
var region = Aws.Config.Region;
var fullProjectStack = $"{Deployment.Instance.ProjectName}-{Deployment.Instance.StackName}";
// Create the VPC.
var vpc = new Ec2.Vpc("VPC", new Ec2.VpcArgs {
CidrBlock = Config.VpcCidr,
InstanceTenancy = Config.VpcTenancy,
EnableDnsSupport = true,
EnableDnsHostnames = true,
Tags = new Dictionary <string, object> {
{ "Name", fullProjectStack }
},
});
// Associate DHCP options with our VPC.
var dhcpOptions = new Ec2.VpcDhcpOptions("DHCPOptions", new Ec2.VpcDhcpOptionsArgs {
DomainName = (region == "us-east-1" ? "ec2.internal" : $"{region}.compute.internal"),
DomainNameServers = { "AmazonProvidedDNS" },
});
var vpcDhcpOptionsAssociation = new Ec2.VpcDhcpOptionsAssociation("VPCDHCPOptionsAssociation", new Ec2.VpcDhcpOptionsAssociationArgs {
VpcId = vpc.Id,
DhcpOptionsId = dhcpOptions.Id,
});
// Create an Internet Gateway for our public subnet to connect to the Internet.
var internetGateway = new Ec2.InternetGateway("InternetGateway", new Ec2.InternetGatewayArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", fullProjectStack }
},
});
// Creat a Route Table for public subnets to use the Internet Gateway for 0.0.0.0/0 traffic.
var publicSubnetRouteTable = new Ec2.RouteTable("PublicSubnetRouteTable", new Ec2.RouteTableArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", "Public Subnets" },
{ "Network", "Public" },
},
});
var publicSubnetRoute = new Ec2.Route("PublicSubnetRoute", new Ec2.RouteArgs {
RouteTableId = publicSubnetRouteTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
GatewayId = internetGateway.Id,
});
// For each AZ, create the NAT Gateways and public and private subnets. Keep track of various properties
// so that they can be exported as top-level stack exports later on.
var natEips = ImmutableArray.CreateBuilder <Output <string> >();
var publicSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
var privateSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
var protectedSubnetIds = ImmutableArray.CreateBuilder <Output <string> >();
var privateSubnetRouteTableIds = ImmutableArray.CreateBuilder <Output <string> >();
var publicSubnetCidrs = await Config.GetPublicSubnetCidrs();
var publicSubnetTags = await Config.GetPublicSubnetTags();
var privateSubnetCidrs = await Config.GetPrivateSubnetCidrs();
var privateSubnetTags = await Config.GetPrivateSubnetTags();
var protectedSubnetCidrs = await Config.GetProtectedSubnetCidrs();
var protectedSubnetTags = await Config.GetProtectedSubnetTags();
var azs = await Config.GetAvailabilityZones();
for (var i = 0; i < azs.Length; i++)
{
var az = azs[i];
// Each AZ gets a public subnet.
var publicSubnet = new Ec2.Subnet($"PublicSubnet{i}", new Ec2.SubnetArgs {
VpcId = vpc.Id,
AvailabilityZone = az,
CidrBlock = publicSubnetCidrs[i],
MapPublicIpOnLaunch = true,
Tags = publicSubnetTags[i].Add("Name", $"Public subnet {i}"),
});
publicSubnetIds.Add(publicSubnet.Id);
var publicSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PublicSubnet{i}RouteTableAssociation", new Ec2.RouteTableAssociationArgs {
SubnetId = publicSubnet.Id,
RouteTableId = publicSubnetRouteTable.Id,
});
// If desired, create a NAT Gateway and private subnet for each AZ.
if (Config.CreatePrivateSubnets)
{
var natEip = new Ec2.Eip($"NAT{i}EIP", new Ec2.EipArgs {
Vpc = true
}, new CustomResourceOptions {
DependsOn = { internetGateway }
});
var natGateway = new Ec2.NatGateway($"NATGateway{i}", new Ec2.NatGatewayArgs {
SubnetId = publicSubnet.Id,
AllocationId = natEip.Id,
});
natEips.Add(natEip.PublicIp);
var privateSubnet = new Ec2.Subnet($"PrivateSubnet{i}A", new Ec2.SubnetArgs {
VpcId = vpc.Id,
AvailabilityZone = az,
CidrBlock = privateSubnetCidrs[i],
Tags = privateSubnetTags[i].Add("Name", $"Private subnet {i}A"),
});
privateSubnetIds.Add(privateSubnet.Id);
var privateSubnetRouteTable = new Ec2.RouteTable($"PrivateSubnet{i}ARouteTable", new Ec2.RouteTableArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", $"Private subnet {i}A" },
{ "Network", "Private" },
},
});
var privateSubnetRoute = new Ec2.Route($"PrivateSubnet{i}ARoute", new Ec2.RouteArgs {
RouteTableId = privateSubnetRouteTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
NatGatewayId = natGateway.Id,
});
var privateSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PrivateSubnet{i}ARouteTableAssociation", new Ec2.RouteTableAssociationArgs {
SubnetId = privateSubnet.Id,
RouteTableId = privateSubnetRouteTable.Id,
});
// Remember the route table ID for the VPC endpoint later.
privateSubnetRouteTableIds.Add(privateSubnetRouteTable.Id);
// If desired, create additional private subnets with dedicated network ACLs for extra protection.
if (Config.CreateProtectedSubnets)
{
var protectedSubnet = new Ec2.Subnet($"PrivateSubnet{i}B", new Ec2.SubnetArgs {
VpcId = vpc.Id,
AvailabilityZone = az,
CidrBlock = protectedSubnetCidrs[i],
Tags = protectedSubnetTags[i].Add("Name", $"Private subnet ${i}B"),
});
protectedSubnetIds.Add(protectedSubnet.Id);
var protectedSubnetRouteTable = new Ec2.RouteTable($"PrivateSubnet{i}BRouteTable", new Ec2.RouteTableArgs {
VpcId = vpc.Id,
Tags = new Dictionary <string, object> {
{ "Name", $"Private subnet {i}B" },
{ "Network", "Private" },
},
});
var protectedSubnetRoute = new Ec2.Route($"PrivateSubnet{i}BRoute", new Ec2.RouteArgs {
RouteTableId = protectedSubnetRouteTable.Id,
DestinationCidrBlock = "0.0.0.0/0",
NatGatewayId = natGateway.Id,
});
var protectedSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PrivateSubnet{i}BRouteTableAssociation", new Ec2.RouteTableAssociationArgs {
SubnetId = protectedSubnet.Id,
RouteTableId = protectedSubnetRouteTable.Id,
});
var protectedSubnetNetworkAcl = new Ec2.NetworkAcl($"PrivateSubnet{i}BNetworkAcl", new Ec2.NetworkAclArgs {
VpcId = vpc.Id,
SubnetIds = { protectedSubnet.Id },
Tags = new Dictionary <string, object> {
{ "Name", $"NACL protected subnet {i}" },
{ "Network", "NACL Protected" },
},
});
var protectedSubnetNetworkAclEntryInbound = new Ec2.NetworkAclRule($"PrivateSubnet{i}BNetworkAclEntryInbound", new Ec2.NetworkAclRuleArgs {
NetworkAclId = protectedSubnetNetworkAcl.Id,
CidrBlock = "0.0.0.0/0",
Egress = false,
Protocol = "-1",
RuleAction = "allow",
RuleNumber = 100,
});
var protectedSubnetNetworkAclEntryOutbound = new Ec2.NetworkAclRule($"PrivateSubnet{i}BNetworkAclEntryOutbound", new Ec2.NetworkAclRuleArgs {
NetworkAclId = protectedSubnetNetworkAcl.Id,
CidrBlock = "0.0.0.0/0",
Egress = true,
Protocol = "-1",
RuleAction = "allow",
RuleNumber = 100,
});
// Remember the route table ID for the VPC endpoint later.
privateSubnetRouteTableIds.Add(protectedSubnetRouteTable.Id);
}
}
}
// If we created private subnets, allocate an S3 VPC Endpoint to simplify access to S3.
Output <string>?s3VpcEndpointId = null;
if (Config.CreatePrivateSubnets)
{
s3VpcEndpointId = new Ec2.VpcEndpoint("S3VPCEndpoint", new Ec2.VpcEndpointArgs {
VpcId = vpc.Id,
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Action"": ""*"",
""Effect"": ""Allow"",
""Resource"": ""*"",
""Principal"": ""*""
}]
}
",
RouteTableIds = privateSubnetRouteTableIds.ToImmutable(),
ServiceName = $"com.amazonaws.{region}.s3",
}).Id;
}
// Export all of the resulting properties that upstream stacks may want to consume.
return new Dictionary <string, object?>
{
{ "vpcId", vpc.Id },
{ "vpcCidr", vpc.CidrBlock },
{ "natEips", natEips.ToImmutableArray() },
{ "publicSubnetIds", publicSubnetIds.ToImmutableArray() },
{ "publicSubnetCidrs", publicSubnetCidrs },
{ "publicSubnetRouteTableId", publicSubnetRouteTable.Id },
{ "privateSubnetIds", privateSubnetIds.ToImmutableArray() },
{ "privateSubnetCidrs", privateSubnetCidrs },
{ "protectedSubnetIds", protectedSubnetIds.ToImmutableArray() },
{ "protectedSubnetCidrs", protectedSubnetCidrs },
{ "privateSubnetRouteTableIds", privateSubnetRouteTableIds.ToImmutableArray() },
{ "s3VpcEndpointId", s3VpcEndpointId },
};
}));
}
public MyStack()
{
var ecsInstanceRoleRole = new Aws.Iam.Role("ecsInstanceRoleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""ec2.amazonaws.com""
}
}
]
}
",
});
var ecsInstanceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("ecsInstanceRoleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role",
Role = ecsInstanceRoleRole.Name,
});
var ecsInstanceRoleInstanceProfile = new Aws.Iam.InstanceProfile("ecsInstanceRoleInstanceProfile", new Aws.Iam.InstanceProfileArgs
{
Role = ecsInstanceRoleRole.Name,
});
var awsBatchServiceRoleRole = new Aws.Iam.Role("awsBatchServiceRoleRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""batch.amazonaws.com""
}
}
]
}
",
});
var awsBatchServiceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("awsBatchServiceRoleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole",
Role = awsBatchServiceRoleRole.Name,
});
var sampleSecurityGroup = new Aws.Ec2.SecurityGroup("sampleSecurityGroup", new Aws.Ec2.SecurityGroupArgs
{
Egress =
{
new Aws.Ec2.Inputs.SecurityGroupEgressArgs
{
CidrBlocks =
{
"0.0.0.0/0",
},
FromPort = 0,
Protocol = "-1",
ToPort = 0,
},
},
});
var sampleVpc = new Aws.Ec2.Vpc("sampleVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.1.0.0/16",
});
var sampleSubnet = new Aws.Ec2.Subnet("sampleSubnet", new Aws.Ec2.SubnetArgs
{
CidrBlock = "10.1.1.0/24",
VpcId = sampleVpc.Id,
});
var sampleComputeEnvironment = new Aws.Batch.ComputeEnvironment("sampleComputeEnvironment", new Aws.Batch.ComputeEnvironmentArgs
{
ComputeEnvironmentName = "sample",
ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs
{
InstanceRole = ecsInstanceRoleInstanceProfile.Arn,
InstanceType =
{
"c4.large",
},
MaxVcpus = 16,
MinVcpus = 0,
SecurityGroupIds =
{
sampleSecurityGroup.Id,
},
Subnets =
{
sampleSubnet.Id,
},
Type = "EC2",
},
ServiceRole = awsBatchServiceRoleRole.Arn,
Type = "MANAGED",
}, new CustomResourceOptions
{
DependsOn =
{
"aws_iam_role_policy_attachment.aws_batch_service_role",
},
});
}
private async Task <IDictionary <string, Output <string> > > Initialize()
{
// VPC
var eksVpc = new Aws.Ec2.Vpc("eksVpc", new Aws.Ec2.VpcArgs
{
CidrBlock = "10.100.0.0/16",
InstanceTenancy = "default",
EnableDnsHostnames = true,
EnableDnsSupport = true,
Tags =
{
{ "Name", "pulumi-eks-vpc" },
},
});
var eksIgw = new Aws.Ec2.InternetGateway("eksIgw", new Aws.Ec2.InternetGatewayArgs
{
VpcId = eksVpc.Id,
Tags =
{
{ "Name", "pulumi-vpc-ig" },
},
});
var eksRouteTable = new Aws.Ec2.RouteTable("eksRouteTable", new Aws.Ec2.RouteTableArgs
{
VpcId = eksVpc.Id,
Routes =
{
new Aws.Ec2.Inputs.RouteTableRouteArgs
{
CidrBlock = "0.0.0.0/0",
GatewayId = eksIgw.Id,
},
},
Tags =
{
{ "Name", "pulumi-vpc-rt" },
},
});
// Subnets, one for each AZ in a region
var zones = await Aws.GetAvailabilityZones.InvokeAsync();
var vpcSubnet = new List <Aws.Ec2.Subnet>();
foreach (var range in zones.Names.Select((v, k) => new { Key = k, Value = v }))
{
vpcSubnet.Add(new Aws.Ec2.Subnet($"vpcSubnet-{range.Key}", new Aws.Ec2.SubnetArgs
{
AssignIpv6AddressOnCreation = false,
VpcId = eksVpc.Id,
MapPublicIpOnLaunch = true,
CidrBlock = $"10.100.{range.Key}.0/24",
AvailabilityZone = range.Value,
Tags =
{
{ "Name", $"pulumi-sn-{range.Value}" },
},
}));
}
var rta = new List <Aws.Ec2.RouteTableAssociation>();
foreach (var range in zones.Names.Select((v, k) => new { Key = k, Value = v }))
{
rta.Add(new Aws.Ec2.RouteTableAssociation($"rta-{range.Key}", new Aws.Ec2.RouteTableAssociationArgs
{
RouteTableId = eksRouteTable.Id,
SubnetId = vpcSubnet[range.Key].Id,
}));
}
var subnetIds = vpcSubnet.Select(__item => __item.Id).ToList();
var eksSecurityGroup = new Aws.Ec2.SecurityGroup("eksSecurityGroup", new Aws.Ec2.SecurityGroupArgs
{
VpcId = eksVpc.Id,
Description = "Allow all HTTP(s) traffic to EKS Cluster",
Tags =
{
{ "Name", "pulumi-cluster-sg" },
},
Ingress =
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
CidrBlocks =
{
"0.0.0.0/0",
},
FromPort = 443,
ToPort = 443,
Protocol = "tcp",
Description = "Allow pods to communicate with the cluster API Server.",
},
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
CidrBlocks =
{
"0.0.0.0/0",
},
FromPort = 80,
ToPort = 80,
Protocol = "tcp",
Description = "Allow internet access to pods",
},
},
});
// EKS Cluster Role
var eksRole = new Aws.Iam.Role("eksRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary <string, object?>
{
{ "Version", "2012-10-17" },
{ "Statement", new[]
{
new Dictionary <string, object?>
{
{ "Action", "sts:AssumeRole" },
{ "Principal", new Dictionary <string, object?>
{
{ "Service", "eks.amazonaws.com" },
} },
{ "Effect", "Allow" },
{ "Sid", "" },
},
} },
}),
});
var servicePolicyAttachment = new Aws.Iam.RolePolicyAttachment("servicePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = eksRole.Id,
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
});
var clusterPolicyAttachment = new Aws.Iam.RolePolicyAttachment("clusterPolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = eksRole.Id,
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
});
// EC2 NodeGroup Role
var ec2Role = new Aws.Iam.Role("ec2Role", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary <string, object?>
{
{ "Version", "2012-10-17" },
{ "Statement", new[]
{
new Dictionary <string, object?>
{
{ "Action", "sts:AssumeRole" },
{ "Principal", new Dictionary <string, object?>
{
{ "Service", "ec2.amazonaws.com" },
} },
{ "Effect", "Allow" },
{ "Sid", "" },
},
} },
}),
});
var workerNodePolicyAttachment = new Aws.Iam.RolePolicyAttachment("workerNodePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = ec2Role.Id,
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
});
var cniPolicyAttachment = new Aws.Iam.RolePolicyAttachment("cniPolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = ec2Role.Id,
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSCNIPolicy",
});
var registryPolicyAttachment = new Aws.Iam.RolePolicyAttachment("registryPolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs
{
Role = ec2Role.Id,
PolicyArn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
});
// EKS Cluster
var eksCluster = new Aws.Eks.Cluster("eksCluster", new Aws.Eks.ClusterArgs
{
RoleArn = eksRole.Arn,
Tags =
{
{ "Name", "pulumi-eks-cluster" },
},
VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs
{
PublicAccessCidrs =
{
"0.0.0.0/0",
},
SecurityGroupIds =
{
eksSecurityGroup.Id,
},
SubnetIds = subnetIds,
},
});
var nodeGroup = new Aws.Eks.NodeGroup("nodeGroup", new Aws.Eks.NodeGroupArgs
{
ClusterName = eksCluster.Name,
NodeGroupName = "pulumi-eks-nodegroup",
NodeRoleArn = ec2Role.Arn,
SubnetIds = subnetIds,
Tags =
{
{ "Name", "pulumi-cluster-nodeGroup" },
},
ScalingConfig = new Aws.Eks.Inputs.NodeGroupScalingConfigArgs
{
DesiredSize = 2,
MaxSize = 2,
MinSize = 1,
},
});
var clusterName = eksCluster.Name;
var kubeconfig = Output.Tuple(eksCluster.Endpoint, eksCluster.CertificateAuthority, eksCluster.Name).Apply(values =>
{
var endpoint = values.Item1;
var certificateAuthority = values.Item2;
var name = values.Item3;
return(JsonSerializer.Serialize(new Dictionary <string, object?>
{
{ "apiVersion", "v1" },
{ "clusters", new[]
{
new Dictionary <string, object?>
{
{ "cluster", new Dictionary <string, object?>
{
{ "server", endpoint },
{ "certificate-authority-data", certificateAuthority.Data },
} },
{ "name", "kubernetes" },
},
} },
{ "contexts", new[]
{
new Dictionary <string, object?>
{
{ "contest", new Dictionary <string, object?>
{
{ "cluster", "kubernetes" },
{ "user", "aws" },
} },
},
} },
{ "current-context", "aws" },
{ "kind", "Config" },
{ "users", new[]
{
new Dictionary <string, object?>
{
{ "name", "aws" },
{ "user", new Dictionary <string, object?>
{
{ "exec", new Dictionary <string, object?>
{
{ "apiVersion", "client.authentication.k8s.io/v1alpha1" },
{ "command", "aws-iam-authenticator" },
} },
{ "args", new[]
{
"token",
"-i",
name,
} },
} },
},
} },
}));
});
return(new Dictionary <string, Output <string> >
{
{ "clusterName", clusterName },
{ "kubeconfig", kubeconfig },
});
}
