public MyStack() { var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", EnableDnsHostnames = true, EnableDnsSupport = true, }); var examplePrivateDnsNamespace = new Aws.ServiceDiscovery.PrivateDnsNamespace("examplePrivateDnsNamespace", new Aws.ServiceDiscovery.PrivateDnsNamespaceArgs { Description = "example", Vpc = exampleVpc.Id, }); var exampleService = new Aws.ServiceDiscovery.Service("exampleService", new Aws.ServiceDiscovery.ServiceArgs { DnsConfig = new Aws.ServiceDiscovery.Inputs.ServiceDnsConfigArgs { DnsRecords = { new Aws.ServiceDiscovery.Inputs.ServiceDnsConfigDnsRecordArgs { Ttl = 10, Type = "A", }, }, NamespaceId = examplePrivateDnsNamespace.Id, RoutingPolicy = "MULTIVALUE", }, HealthCheckCustomConfig = new Aws.ServiceDiscovery.Inputs.ServiceHealthCheckCustomConfigArgs { FailureThreshold = 1, }, }); }
public MyStack() { var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", Tags = { { "Name", "tf-test" }, }, }); var fooSubnet = new Aws.Ec2.Subnet("fooSubnet", new Aws.Ec2.SubnetArgs { AvailabilityZone = "us-west-2a", CidrBlock = "10.0.0.0/24", Tags = { { "Name", "tf-test" }, }, VpcId = fooVpc.Id, }); var bar = new Aws.ElastiCache.SubnetGroup("bar", new Aws.ElastiCache.SubnetGroupArgs { SubnetIds = { fooSubnet.Id, }, }); }
public MyStack() { var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); }
public MyStack() { var vpc = new Aws.Ec2.Vpc("vpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var vpnGateway = new Aws.Ec2.VpnGateway("vpnGateway", new Aws.Ec2.VpnGatewayArgs { VpcId = vpc.Id, }); var customerGateway = new Aws.Ec2.CustomerGateway("customerGateway", new Aws.Ec2.CustomerGatewayArgs { BgpAsn = 65000, IpAddress = "172.0.0.1", Type = "ipsec.1", }); var main = new Aws.Ec2.VpnConnection("main", new Aws.Ec2.VpnConnectionArgs { CustomerGatewayId = customerGateway.Id, StaticRoutesOnly = true, Type = "ipsec.1", VpnGatewayId = vpnGateway.Id, }); var office = new Aws.Ec2.VpnConnectionRoute("office", new Aws.Ec2.VpnConnectionRouteArgs { DestinationCidrBlock = "192.168.10.0/24", VpnConnectionId = main.Id, }); }
public MyStack() { var exampleGateway = new Aws.DirectConnect.Gateway("exampleGateway", new Aws.DirectConnect.GatewayArgs { AmazonSideAsn = "64512", }); var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.255.255.0/28", }); var exampleVpnGateway = new Aws.Ec2.VpnGateway("exampleVpnGateway", new Aws.Ec2.VpnGatewayArgs { VpcId = exampleVpc.Id, }); var exampleGatewayAssociation = new Aws.DirectConnect.GatewayAssociation("exampleGatewayAssociation", new Aws.DirectConnect.GatewayAssociationArgs { AllowedPrefixes = { "210.52.109.0/24", "175.45.176.0/22", }, AssociatedGatewayId = exampleVpnGateway.Id, DxGatewayId = exampleGateway.Id, }); }
public MyStack() { var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var secondaryCidr = new Aws.Ec2.VpcIpv4CidrBlockAssociation("secondaryCidr", new Aws.Ec2.VpcIpv4CidrBlockAssociationArgs { CidrBlock = "172.2.0.0/16", VpcId = main.Id, }); }
public MyStack() { var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var examplePrivateDnsNamespace = new Aws.ServiceDiscovery.PrivateDnsNamespace("examplePrivateDnsNamespace", new Aws.ServiceDiscovery.PrivateDnsNamespaceArgs { Description = "example", Vpc = exampleVpc.Id, }); }
private static void ConfigureNetworking() { var vpc = new Ec2.Vpc($"{baseName}-vpc", new Ec2.VpcArgs() { EnableDnsSupport = true, EnableDnsHostnames = true, CidrBlock = "10.0.0.0/16", }); var subnetOne = new Ec2.Subnet($"{baseName}-subnet-one", new Ec2.SubnetArgs() { VpcId = vpc.Id, CidrBlock = "10.0.0.0/24", MapPublicIpOnLaunch = true, AvailabilityZone = "eu-west-1a", }); var subnetTwo = new Ec2.Subnet($"{baseName}-subnet-two", new Ec2.SubnetArgs() { VpcId = vpc.Id, CidrBlock = "10.0.1.0/24", MapPublicIpOnLaunch = true, AvailabilityZone = "eu-west-1b", }); var gateway = new Ec2.InternetGateway($"{baseName}-gateway", new Ec2.InternetGatewayArgs() { VpcId = vpc.Id, }); var routeTable = new Ec2.RouteTable($"{baseName}-routetable", new Ec2.RouteTableArgs() { VpcId = vpc.Id, }); var publicRoute = new Ec2.Route($"{baseName}-publicroute", new Ec2.RouteArgs() { RouteTableId = routeTable.Id, DestinationCidrBlock = "0.0.0.0/0", GatewayId = gateway.Id, }); var subnetOneRouteAssociation = new Ec2.RouteTableAssociation($"{baseName}-subnetoneroutes", new Ec2.RouteTableAssociationArgs() { SubnetId = subnetOne.Id, RouteTableId = routeTable.Id, }); vpcId = vpc.Id; subnetId = subnetOne.Id; subnetTwoId = subnetTwo.Id; }
public MyStack() { var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var test = new Aws.LB.TargetGroup("test", new Aws.LB.TargetGroupArgs { Port = 80, Protocol = "HTTP", VpcId = main.Id, }); }
public MyStack() { var aws_vpc = new Aws.Ec2.Vpc("aws_vpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", InstanceTenancy = "default", }); var privateS3VpcEndpoint = new Aws.Ec2.VpcEndpoint("privateS3VpcEndpoint", new Aws.Ec2.VpcEndpointArgs { VpcId = aws_vpc.Id, ServiceName = "com.amazonaws.us-west-2.s3", }); var privateS3PrefixList = Aws.Ec2.GetPrefixList.Invoke(new Aws.Ec2.GetPrefixListInvokeArgs { PrefixListId = privateS3VpcEndpoint.PrefixListId, }); var bar = new Aws.Ec2.NetworkAcl("bar", new Aws.Ec2.NetworkAclArgs { VpcId = aws_vpc.Id, }); var privateS3NetworkAclRule = new Aws.Ec2.NetworkAclRule("privateS3NetworkAclRule", new Aws.Ec2.NetworkAclRuleArgs { NetworkAclId = bar.Id, RuleNumber = 200, Egress = false, Protocol = "tcp", RuleAction = "allow", CidrBlock = privateS3PrefixList.Apply(privateS3PrefixList => privateS3PrefixList.CidrBlocks[0]), FromPort = 443, ToPort = 443, }); var amis = Aws.Ec2.GetAmiIds.Invoke(new Aws.Ec2.GetAmiIdsInvokeArgs { Owners = { bar.Id, }, Filters = { new Aws.Ec2.Inputs.GetAmiIdsFilterInputArgs { Name = bar.Id, Values = { "pulumi*", }, }, }, }); }
public MyStack() { var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var ip_example = new Aws.LB.TargetGroup("ip-example", new Aws.LB.TargetGroupArgs { Port = 80, Protocol = "HTTP", TargetType = "ip", VpcId = main.Id, }); }
public MyStack() { var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs { AssignGeneratedIpv6CidrBlock = true, CidrBlock = "10.1.0.0/16", }); var exampleEgressOnlyInternetGateway = new Aws.Ec2.EgressOnlyInternetGateway("exampleEgressOnlyInternetGateway", new Aws.Ec2.EgressOnlyInternetGatewayArgs { Tags = { { "Name", "main" }, }, VpcId = exampleVpc.Id, }); }
public MyStack() { var exampleLocalGatewayRouteTable = Output.Create(Aws.Ec2.GetLocalGatewayRouteTable.InvokeAsync(new Aws.Ec2.GetLocalGatewayRouteTableArgs { OutpostArn = "arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef", })); var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var exampleLocalGatewayRouteTableVpcAssociation = new Aws.Ec2.LocalGatewayRouteTableVpcAssociation("exampleLocalGatewayRouteTableVpcAssociation", new Aws.Ec2.LocalGatewayRouteTableVpcAssociationArgs { LocalGatewayRouteTableId = exampleLocalGatewayRouteTable.Apply(exampleLocalGatewayRouteTable => exampleLocalGatewayRouteTable.Id), VpcId = exampleVpc.Id, }); }
public MyStack() { var peer = new Aws.Provider("peer", new Aws.ProviderArgs { Region = "us-west-2", }); var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var peerVpc = new Aws.Ec2.Vpc("peerVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.1.0.0/16", }, new CustomResourceOptions { Provider = "aws.peer", }); var peerCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync()); // Requester's side of the connection. var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection("peerVpcPeeringConnection", new Aws.Ec2.VpcPeeringConnectionArgs { AutoAccept = false, PeerOwnerId = peerCallerIdentity.Apply(peerCallerIdentity => peerCallerIdentity.AccountId), PeerRegion = "us-west-2", PeerVpcId = peerVpc.Id, Tags = { { "Side", "Requester" }, }, VpcId = main.Id, }); // Accepter's side of the connection. var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter("peerVpcPeeringConnectionAccepter", new Aws.Ec2.VpcPeeringConnectionAccepterArgs { AutoAccept = true, Tags = { { "Side", "Accepter" }, }, VpcPeeringConnectionId = peerVpcPeeringConnection.Id, }, new CustomResourceOptions { Provider = "aws.peer", }); }
public MyStack() { var s3 = Output.Create(Aws.Ec2.GetVpcEndpointService.InvokeAsync(new Aws.Ec2.GetVpcEndpointServiceArgs { Service = "s3", })); // Create a VPC var foo = new Aws.Ec2.Vpc("foo", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); // Create a VPC endpoint var ep = new Aws.Ec2.VpcEndpoint("ep", new Aws.Ec2.VpcEndpointArgs { ServiceName = s3.Apply(s3 => s3.ServiceName), VpcId = foo.Id, }); }
public MyStack() { var foo = new Aws.Ec2.Vpc("foo", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var alphaSubnet = new Aws.Ec2.Subnet("alphaSubnet", new Aws.Ec2.SubnetArgs { AvailabilityZone = "us-west-2a", CidrBlock = "10.0.1.0/24", VpcId = foo.Id, }); var alphaMountTarget = new Aws.Efs.MountTarget("alphaMountTarget", new Aws.Efs.MountTargetArgs { FileSystemId = aws_efs_file_system.Foo.Id, SubnetId = alphaSubnet.Id, }); }
public MyStack() { var network = new Aws.Ec2.Vpc("network", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var vpn = new Aws.Ec2.VpnGateway("vpn", new Aws.Ec2.VpnGatewayArgs { Tags = { { "Name", "example-vpn-gateway" }, }, }); var vpnAttachment = new Aws.Ec2.VpnGatewayAttachment("vpnAttachment", new Aws.Ec2.VpnGatewayAttachmentArgs { VpcId = network.Id, VpnGatewayId = vpn.Id, }); }
public MyStack() { var mainVpc = new Aws.Ec2.Vpc("mainVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var private_a = new Aws.Ec2.Subnet("private-a", new Aws.Ec2.SubnetArgs { AvailabilityZone = "us-east-1a", CidrBlock = "10.0.0.0/24", VpcId = mainVpc.Id, }); var private_b = new Aws.Ec2.Subnet("private-b", new Aws.Ec2.SubnetArgs { AvailabilityZone = "us-east-1b", CidrBlock = "10.0.1.0/24", VpcId = mainVpc.Id, }); var mainDirectory = new Aws.DirectoryService.Directory("mainDirectory", new Aws.DirectoryService.DirectoryArgs { Password = "******", Size = "Small", VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs { SubnetIds = { private_a.Id, private_b.Id, }, VpcId = mainVpc.Id, }, }); var mainWorkspaces_directoryDirectory = new Aws.Workspaces.Directory("mainWorkspaces/directoryDirectory", new Aws.Workspaces.DirectoryArgs { DirectoryId = mainDirectory.Id, SelfServicePermissions = new Aws.Workspaces.Inputs.DirectorySelfServicePermissionsArgs { IncreaseVolumeSize = true, RebuildWorkspace = true, }, }); }
public MyStack() { var exampleGateway = new Aws.DirectConnect.Gateway("exampleGateway", new Aws.DirectConnect.GatewayArgs { AmazonSideAsn = "64512", }); var exampleVpc = new Aws.Ec2.Vpc("exampleVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.255.255.0/28", }); var exampleVpnGateway = new Aws.Ec2.VpnGateway("exampleVpnGateway", new Aws.Ec2.VpnGatewayArgs { VpcId = exampleVpc.Id, }); var exampleGatewayAssociation = new Aws.DirectConnect.GatewayAssociation("exampleGatewayAssociation", new Aws.DirectConnect.GatewayAssociationArgs { AssociatedGatewayId = exampleVpnGateway.Id, DxGatewayId = exampleGateway.Id, }); }
public MyStack() { var fooVpc = new Aws.Ec2.Vpc("fooVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.1.0.0/16", }); var fooSubnet = new Aws.Ec2.Subnet("fooSubnet", new Aws.Ec2.SubnetArgs { AvailabilityZone = "us-west-2a", CidrBlock = "10.1.1.0/24", Tags = { { "Name", "tf-dbsubnet-test-1" }, }, VpcId = fooVpc.Id, }); var bar = new Aws.Ec2.Subnet("bar", new Aws.Ec2.SubnetArgs { AvailabilityZone = "us-west-2b", CidrBlock = "10.1.2.0/24", Tags = { { "Name", "tf-dbsubnet-test-2" }, }, VpcId = fooVpc.Id, }); var fooSubnetGroup = new Aws.RedShift.SubnetGroup("fooSubnetGroup", new Aws.RedShift.SubnetGroupArgs { SubnetIds = { fooSubnet.Id, bar.Id, }, Tags = { { "environment", "Production" }, }, }); }
public MyStack() { var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var foo = new Aws.Ec2.Subnet("foo", new Aws.Ec2.SubnetArgs { AvailabilityZone = "us-west-2a", CidrBlock = "10.0.1.0/24", VpcId = main.Id, }); var bar = new Aws.Ec2.Subnet("bar", new Aws.Ec2.SubnetArgs { AvailabilityZone = "us-west-2b", CidrBlock = "10.0.2.0/24", VpcId = main.Id, }); var connector = new Aws.DirectoryService.Directory("connector", new Aws.DirectoryService.DirectoryArgs { ConnectSettings = new Aws.DirectoryService.Inputs.DirectoryConnectSettingsArgs { CustomerDnsIps = { "A.B.C.D", }, CustomerUsername = "******", SubnetIds = { foo.Id, bar.Id, }, VpcId = main.Id, }, Password = "******", Size = "Small", Type = "ADConnector", }); }
public MyStack() { var main = new Aws.Ec2.Vpc("main", new Aws.Ec2.VpcArgs { CidrBlock = "10.0.0.0/16", }); var foo = new Aws.Ec2.Subnet("foo", new Aws.Ec2.SubnetArgs { AvailabilityZone = "us-west-2a", CidrBlock = "10.0.1.0/24", VpcId = main.Id, }); var barSubnet = new Aws.Ec2.Subnet("barSubnet", new Aws.Ec2.SubnetArgs { AvailabilityZone = "us-west-2b", CidrBlock = "10.0.2.0/24", VpcId = main.Id, }); var barDirectory = new Aws.DirectoryService.Directory("barDirectory", new Aws.DirectoryService.DirectoryArgs { Edition = "Standard", Password = "******", Tags = { { "Project", "foo" }, }, Type = "MicrosoftAD", VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs { SubnetIds = { foo.Id, barSubnet.Id, }, VpcId = main.Id, }, }); }
static Task <int> Main() { return(Deployment.RunAsync(async() => { var region = Aws.Config.Region; var fullProjectStack = $"{Deployment.Instance.ProjectName}-{Deployment.Instance.StackName}"; // Create the VPC. var vpc = new Ec2.Vpc("VPC", new Ec2.VpcArgs { CidrBlock = Config.VpcCidr, InstanceTenancy = Config.VpcTenancy, EnableDnsSupport = true, EnableDnsHostnames = true, Tags = new Dictionary <string, object> { { "Name", fullProjectStack } }, }); // Associate DHCP options with our VPC. var dhcpOptions = new Ec2.VpcDhcpOptions("DHCPOptions", new Ec2.VpcDhcpOptionsArgs { DomainName = (region == "us-east-1" ? "ec2.internal" : $"{region}.compute.internal"), DomainNameServers = { "AmazonProvidedDNS" }, }); var vpcDhcpOptionsAssociation = new Ec2.VpcDhcpOptionsAssociation("VPCDHCPOptionsAssociation", new Ec2.VpcDhcpOptionsAssociationArgs { VpcId = vpc.Id, DhcpOptionsId = dhcpOptions.Id, }); // Create an Internet Gateway for our public subnet to connect to the Internet. var internetGateway = new Ec2.InternetGateway("InternetGateway", new Ec2.InternetGatewayArgs { VpcId = vpc.Id, Tags = new Dictionary <string, object> { { "Name", fullProjectStack } }, }); // Creat a Route Table for public subnets to use the Internet Gateway for 0.0.0.0/0 traffic. var publicSubnetRouteTable = new Ec2.RouteTable("PublicSubnetRouteTable", new Ec2.RouteTableArgs { VpcId = vpc.Id, Tags = new Dictionary <string, object> { { "Name", "Public Subnets" }, { "Network", "Public" }, }, }); var publicSubnetRoute = new Ec2.Route("PublicSubnetRoute", new Ec2.RouteArgs { RouteTableId = publicSubnetRouteTable.Id, DestinationCidrBlock = "0.0.0.0/0", GatewayId = internetGateway.Id, }); // For each AZ, create the NAT Gateways and public and private subnets. Keep track of various properties // so that they can be exported as top-level stack exports later on. var natEips = ImmutableArray.CreateBuilder <Output <string> >(); var publicSubnetIds = ImmutableArray.CreateBuilder <Output <string> >(); var privateSubnetIds = ImmutableArray.CreateBuilder <Output <string> >(); var protectedSubnetIds = ImmutableArray.CreateBuilder <Output <string> >(); var privateSubnetRouteTableIds = ImmutableArray.CreateBuilder <Output <string> >(); var publicSubnetCidrs = await Config.GetPublicSubnetCidrs(); var publicSubnetTags = await Config.GetPublicSubnetTags(); var privateSubnetCidrs = await Config.GetPrivateSubnetCidrs(); var privateSubnetTags = await Config.GetPrivateSubnetTags(); var protectedSubnetCidrs = await Config.GetProtectedSubnetCidrs(); var protectedSubnetTags = await Config.GetProtectedSubnetTags(); var azs = await Config.GetAvailabilityZones(); for (var i = 0; i < azs.Length; i++) { var az = azs[i]; // Each AZ gets a public subnet. var publicSubnet = new Ec2.Subnet($"PublicSubnet{i}", new Ec2.SubnetArgs { VpcId = vpc.Id, AvailabilityZone = az, CidrBlock = publicSubnetCidrs[i], MapPublicIpOnLaunch = true, Tags = publicSubnetTags[i].Add("Name", $"Public subnet {i}"), }); publicSubnetIds.Add(publicSubnet.Id); var publicSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PublicSubnet{i}RouteTableAssociation", new Ec2.RouteTableAssociationArgs { SubnetId = publicSubnet.Id, RouteTableId = publicSubnetRouteTable.Id, }); // If desired, create a NAT Gateway and private subnet for each AZ. if (Config.CreatePrivateSubnets) { var natEip = new Ec2.Eip($"NAT{i}EIP", new Ec2.EipArgs { Vpc = true }, new CustomResourceOptions { DependsOn = { internetGateway } }); var natGateway = new Ec2.NatGateway($"NATGateway{i}", new Ec2.NatGatewayArgs { SubnetId = publicSubnet.Id, AllocationId = natEip.Id, }); natEips.Add(natEip.PublicIp); var privateSubnet = new Ec2.Subnet($"PrivateSubnet{i}A", new Ec2.SubnetArgs { VpcId = vpc.Id, AvailabilityZone = az, CidrBlock = privateSubnetCidrs[i], Tags = privateSubnetTags[i].Add("Name", $"Private subnet {i}A"), }); privateSubnetIds.Add(privateSubnet.Id); var privateSubnetRouteTable = new Ec2.RouteTable($"PrivateSubnet{i}ARouteTable", new Ec2.RouteTableArgs { VpcId = vpc.Id, Tags = new Dictionary <string, object> { { "Name", $"Private subnet {i}A" }, { "Network", "Private" }, }, }); var privateSubnetRoute = new Ec2.Route($"PrivateSubnet{i}ARoute", new Ec2.RouteArgs { RouteTableId = privateSubnetRouteTable.Id, DestinationCidrBlock = "0.0.0.0/0", NatGatewayId = natGateway.Id, }); var privateSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PrivateSubnet{i}ARouteTableAssociation", new Ec2.RouteTableAssociationArgs { SubnetId = privateSubnet.Id, RouteTableId = privateSubnetRouteTable.Id, }); // Remember the route table ID for the VPC endpoint later. privateSubnetRouteTableIds.Add(privateSubnetRouteTable.Id); // If desired, create additional private subnets with dedicated network ACLs for extra protection. if (Config.CreateProtectedSubnets) { var protectedSubnet = new Ec2.Subnet($"PrivateSubnet{i}B", new Ec2.SubnetArgs { VpcId = vpc.Id, AvailabilityZone = az, CidrBlock = protectedSubnetCidrs[i], Tags = protectedSubnetTags[i].Add("Name", $"Private subnet ${i}B"), }); protectedSubnetIds.Add(protectedSubnet.Id); var protectedSubnetRouteTable = new Ec2.RouteTable($"PrivateSubnet{i}BRouteTable", new Ec2.RouteTableArgs { VpcId = vpc.Id, Tags = new Dictionary <string, object> { { "Name", $"Private subnet {i}B" }, { "Network", "Private" }, }, }); var protectedSubnetRoute = new Ec2.Route($"PrivateSubnet{i}BRoute", new Ec2.RouteArgs { RouteTableId = protectedSubnetRouteTable.Id, DestinationCidrBlock = "0.0.0.0/0", NatGatewayId = natGateway.Id, }); var protectedSubnetRouteTableAssociation = new Ec2.RouteTableAssociation($"PrivateSubnet{i}BRouteTableAssociation", new Ec2.RouteTableAssociationArgs { SubnetId = protectedSubnet.Id, RouteTableId = protectedSubnetRouteTable.Id, }); var protectedSubnetNetworkAcl = new Ec2.NetworkAcl($"PrivateSubnet{i}BNetworkAcl", new Ec2.NetworkAclArgs { VpcId = vpc.Id, SubnetIds = { protectedSubnet.Id }, Tags = new Dictionary <string, object> { { "Name", $"NACL protected subnet {i}" }, { "Network", "NACL Protected" }, }, }); var protectedSubnetNetworkAclEntryInbound = new Ec2.NetworkAclRule($"PrivateSubnet{i}BNetworkAclEntryInbound", new Ec2.NetworkAclRuleArgs { NetworkAclId = protectedSubnetNetworkAcl.Id, CidrBlock = "0.0.0.0/0", Egress = false, Protocol = "-1", RuleAction = "allow", RuleNumber = 100, }); var protectedSubnetNetworkAclEntryOutbound = new Ec2.NetworkAclRule($"PrivateSubnet{i}BNetworkAclEntryOutbound", new Ec2.NetworkAclRuleArgs { NetworkAclId = protectedSubnetNetworkAcl.Id, CidrBlock = "0.0.0.0/0", Egress = true, Protocol = "-1", RuleAction = "allow", RuleNumber = 100, }); // Remember the route table ID for the VPC endpoint later. privateSubnetRouteTableIds.Add(protectedSubnetRouteTable.Id); } } } // If we created private subnets, allocate an S3 VPC Endpoint to simplify access to S3. Output <string>?s3VpcEndpointId = null; if (Config.CreatePrivateSubnets) { s3VpcEndpointId = new Ec2.VpcEndpoint("S3VPCEndpoint", new Ec2.VpcEndpointArgs { VpcId = vpc.Id, Policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [{ ""Action"": ""*"", ""Effect"": ""Allow"", ""Resource"": ""*"", ""Principal"": ""*"" }] } ", RouteTableIds = privateSubnetRouteTableIds.ToImmutable(), ServiceName = $"com.amazonaws.{region}.s3", }).Id; } // Export all of the resulting properties that upstream stacks may want to consume. return new Dictionary <string, object?> { { "vpcId", vpc.Id }, { "vpcCidr", vpc.CidrBlock }, { "natEips", natEips.ToImmutableArray() }, { "publicSubnetIds", publicSubnetIds.ToImmutableArray() }, { "publicSubnetCidrs", publicSubnetCidrs }, { "publicSubnetRouteTableId", publicSubnetRouteTable.Id }, { "privateSubnetIds", privateSubnetIds.ToImmutableArray() }, { "privateSubnetCidrs", privateSubnetCidrs }, { "protectedSubnetIds", protectedSubnetIds.ToImmutableArray() }, { "protectedSubnetCidrs", protectedSubnetCidrs }, { "privateSubnetRouteTableIds", privateSubnetRouteTableIds.ToImmutableArray() }, { "s3VpcEndpointId", s3VpcEndpointId }, }; })); }
public MyStack() { var ecsInstanceRoleRole = new Aws.Iam.Role("ecsInstanceRoleRole", new Aws.Iam.RoleArgs { AssumeRolePolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": ""sts:AssumeRole"", ""Effect"": ""Allow"", ""Principal"": { ""Service"": ""ec2.amazonaws.com"" } } ] } ", }); var ecsInstanceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("ecsInstanceRoleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs { PolicyArn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role", Role = ecsInstanceRoleRole.Name, }); var ecsInstanceRoleInstanceProfile = new Aws.Iam.InstanceProfile("ecsInstanceRoleInstanceProfile", new Aws.Iam.InstanceProfileArgs { Role = ecsInstanceRoleRole.Name, }); var awsBatchServiceRoleRole = new Aws.Iam.Role("awsBatchServiceRoleRole", new Aws.Iam.RoleArgs { AssumeRolePolicy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [ { ""Action"": ""sts:AssumeRole"", ""Effect"": ""Allow"", ""Principal"": { ""Service"": ""batch.amazonaws.com"" } } ] } ", }); var awsBatchServiceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("awsBatchServiceRoleRolePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs { PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole", Role = awsBatchServiceRoleRole.Name, }); var sampleSecurityGroup = new Aws.Ec2.SecurityGroup("sampleSecurityGroup", new Aws.Ec2.SecurityGroupArgs { Egress = { new Aws.Ec2.Inputs.SecurityGroupEgressArgs { CidrBlocks = { "0.0.0.0/0", }, FromPort = 0, Protocol = "-1", ToPort = 0, }, }, }); var sampleVpc = new Aws.Ec2.Vpc("sampleVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.1.0.0/16", }); var sampleSubnet = new Aws.Ec2.Subnet("sampleSubnet", new Aws.Ec2.SubnetArgs { CidrBlock = "10.1.1.0/24", VpcId = sampleVpc.Id, }); var sampleComputeEnvironment = new Aws.Batch.ComputeEnvironment("sampleComputeEnvironment", new Aws.Batch.ComputeEnvironmentArgs { ComputeEnvironmentName = "sample", ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs { InstanceRole = ecsInstanceRoleInstanceProfile.Arn, InstanceType = { "c4.large", }, MaxVcpus = 16, MinVcpus = 0, SecurityGroupIds = { sampleSecurityGroup.Id, }, Subnets = { sampleSubnet.Id, }, Type = "EC2", }, ServiceRole = awsBatchServiceRoleRole.Arn, Type = "MANAGED", }, new CustomResourceOptions { DependsOn = { "aws_iam_role_policy_attachment.aws_batch_service_role", }, }); }
private async Task <IDictionary <string, Output <string> > > Initialize() { // VPC var eksVpc = new Aws.Ec2.Vpc("eksVpc", new Aws.Ec2.VpcArgs { CidrBlock = "10.100.0.0/16", InstanceTenancy = "default", EnableDnsHostnames = true, EnableDnsSupport = true, Tags = { { "Name", "pulumi-eks-vpc" }, }, }); var eksIgw = new Aws.Ec2.InternetGateway("eksIgw", new Aws.Ec2.InternetGatewayArgs { VpcId = eksVpc.Id, Tags = { { "Name", "pulumi-vpc-ig" }, }, }); var eksRouteTable = new Aws.Ec2.RouteTable("eksRouteTable", new Aws.Ec2.RouteTableArgs { VpcId = eksVpc.Id, Routes = { new Aws.Ec2.Inputs.RouteTableRouteArgs { CidrBlock = "0.0.0.0/0", GatewayId = eksIgw.Id, }, }, Tags = { { "Name", "pulumi-vpc-rt" }, }, }); // Subnets, one for each AZ in a region var zones = await Aws.GetAvailabilityZones.InvokeAsync(); var vpcSubnet = new List <Aws.Ec2.Subnet>(); foreach (var range in zones.Names.Select((v, k) => new { Key = k, Value = v })) { vpcSubnet.Add(new Aws.Ec2.Subnet($"vpcSubnet-{range.Key}", new Aws.Ec2.SubnetArgs { AssignIpv6AddressOnCreation = false, VpcId = eksVpc.Id, MapPublicIpOnLaunch = true, CidrBlock = $"10.100.{range.Key}.0/24", AvailabilityZone = range.Value, Tags = { { "Name", $"pulumi-sn-{range.Value}" }, }, })); } var rta = new List <Aws.Ec2.RouteTableAssociation>(); foreach (var range in zones.Names.Select((v, k) => new { Key = k, Value = v })) { rta.Add(new Aws.Ec2.RouteTableAssociation($"rta-{range.Key}", new Aws.Ec2.RouteTableAssociationArgs { RouteTableId = eksRouteTable.Id, SubnetId = vpcSubnet[range.Key].Id, })); } var subnetIds = vpcSubnet.Select(__item => __item.Id).ToList(); var eksSecurityGroup = new Aws.Ec2.SecurityGroup("eksSecurityGroup", new Aws.Ec2.SecurityGroupArgs { VpcId = eksVpc.Id, Description = "Allow all HTTP(s) traffic to EKS Cluster", Tags = { { "Name", "pulumi-cluster-sg" }, }, Ingress = { new Aws.Ec2.Inputs.SecurityGroupIngressArgs { CidrBlocks = { "0.0.0.0/0", }, FromPort = 443, ToPort = 443, Protocol = "tcp", Description = "Allow pods to communicate with the cluster API Server.", }, new Aws.Ec2.Inputs.SecurityGroupIngressArgs { CidrBlocks = { "0.0.0.0/0", }, FromPort = 80, ToPort = 80, Protocol = "tcp", Description = "Allow internet access to pods", }, }, }); // EKS Cluster Role var eksRole = new Aws.Iam.Role("eksRole", new Aws.Iam.RoleArgs { AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary <string, object?> { { "Version", "2012-10-17" }, { "Statement", new[] { new Dictionary <string, object?> { { "Action", "sts:AssumeRole" }, { "Principal", new Dictionary <string, object?> { { "Service", "eks.amazonaws.com" }, } }, { "Effect", "Allow" }, { "Sid", "" }, }, } }, }), }); var servicePolicyAttachment = new Aws.Iam.RolePolicyAttachment("servicePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs { Role = eksRole.Id, PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy", }); var clusterPolicyAttachment = new Aws.Iam.RolePolicyAttachment("clusterPolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs { Role = eksRole.Id, PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy", }); // EC2 NodeGroup Role var ec2Role = new Aws.Iam.Role("ec2Role", new Aws.Iam.RoleArgs { AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary <string, object?> { { "Version", "2012-10-17" }, { "Statement", new[] { new Dictionary <string, object?> { { "Action", "sts:AssumeRole" }, { "Principal", new Dictionary <string, object?> { { "Service", "ec2.amazonaws.com" }, } }, { "Effect", "Allow" }, { "Sid", "" }, }, } }, }), }); var workerNodePolicyAttachment = new Aws.Iam.RolePolicyAttachment("workerNodePolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs { Role = ec2Role.Id, PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy", }); var cniPolicyAttachment = new Aws.Iam.RolePolicyAttachment("cniPolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs { Role = ec2Role.Id, PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSCNIPolicy", }); var registryPolicyAttachment = new Aws.Iam.RolePolicyAttachment("registryPolicyAttachment", new Aws.Iam.RolePolicyAttachmentArgs { Role = ec2Role.Id, PolicyArn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly", }); // EKS Cluster var eksCluster = new Aws.Eks.Cluster("eksCluster", new Aws.Eks.ClusterArgs { RoleArn = eksRole.Arn, Tags = { { "Name", "pulumi-eks-cluster" }, }, VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs { PublicAccessCidrs = { "0.0.0.0/0", }, SecurityGroupIds = { eksSecurityGroup.Id, }, SubnetIds = subnetIds, }, }); var nodeGroup = new Aws.Eks.NodeGroup("nodeGroup", new Aws.Eks.NodeGroupArgs { ClusterName = eksCluster.Name, NodeGroupName = "pulumi-eks-nodegroup", NodeRoleArn = ec2Role.Arn, SubnetIds = subnetIds, Tags = { { "Name", "pulumi-cluster-nodeGroup" }, }, ScalingConfig = new Aws.Eks.Inputs.NodeGroupScalingConfigArgs { DesiredSize = 2, MaxSize = 2, MinSize = 1, }, }); var clusterName = eksCluster.Name; var kubeconfig = Output.Tuple(eksCluster.Endpoint, eksCluster.CertificateAuthority, eksCluster.Name).Apply(values => { var endpoint = values.Item1; var certificateAuthority = values.Item2; var name = values.Item3; return(JsonSerializer.Serialize(new Dictionary <string, object?> { { "apiVersion", "v1" }, { "clusters", new[] { new Dictionary <string, object?> { { "cluster", new Dictionary <string, object?> { { "server", endpoint }, { "certificate-authority-data", certificateAuthority.Data }, } }, { "name", "kubernetes" }, }, } }, { "contexts", new[] { new Dictionary <string, object?> { { "contest", new Dictionary <string, object?> { { "cluster", "kubernetes" }, { "user", "aws" }, } }, }, } }, { "current-context", "aws" }, { "kind", "Config" }, { "users", new[] { new Dictionary <string, object?> { { "name", "aws" }, { "user", new Dictionary <string, object?> { { "exec", new Dictionary <string, object?> { { "apiVersion", "client.authentication.k8s.io/v1alpha1" }, { "command", "aws-iam-authenticator" }, } }, { "args", new[] { "token", "-i", name, } }, } }, }, } }, })); }); return(new Dictionary <string, Output <string> > { { "clusterName", clusterName }, { "kubeconfig", kubeconfig }, }); }