From 3390b4498af7edeb3cefed4e8d2a30e02585e0d5 Mon Sep 17 00:00:00 2001 From: pulumi-bot Date: Tue, 21 Jan 2025 07:15:22 +0000 Subject: [PATCH] make tfgen --- examples/go.mod | 8 +- examples/go.sum | 12 +-- provider/cmd/pulumi-resource-aws/schema.json | 56 ++++++------- provider/go.mod | 8 +- provider/go.sum | 12 +-- sdk/go.mod | 24 +++--- sdk/go.sum | 82 +++++++------------- 7 files changed, 93 insertions(+), 109 deletions(-) diff --git a/examples/go.mod b/examples/go.mod index cfcb55a5162..f4c1f6b6928 100644 --- a/examples/go.mod +++ b/examples/go.mod @@ -13,9 +13,9 @@ require ( github.com/aws/aws-sdk-go-v2/service/s3 v1.72.1 github.com/pulumi/providertest v0.1.3 github.com/pulumi/pulumi-aws/provider/v6 v6.0.0-00010101000000-000000000000 - github.com/pulumi/pulumi-terraform-bridge/v3 v3.100.0 + github.com/pulumi/pulumi-terraform-bridge/v3 v3.101.0 github.com/pulumi/pulumi/pkg/v3 v3.145.0 - github.com/pulumi/pulumi/sdk/v3 v3.145.0 + github.com/pulumi/pulumi/sdk/v3 v3.146.0 github.com/stretchr/testify v1.10.0 ) @@ -524,3 +524,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/frand v1.4.2 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.146.1-0.20250121060027-dc18400ce9c3 + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.146.1-0.20250121060027-dc18400ce9c3 diff --git a/examples/go.sum b/examples/go.sum index be29a24d20d..b8d6ecd07f9 100644 --- a/examples/go.sum +++ b/examples/go.sum @@ -2468,14 +2468,14 @@ github.com/pulumi/providertest v0.1.3 h1:GpNKRy/haNjRHiUA9bi4diU4Op2zf3axYXbga5A github.com/pulumi/providertest v0.1.3/go.mod h1:GcsqEGgSngwaNOD+kICJPIUQlnA911fGBU8HDlJvVL0= github.com/pulumi/pulumi-java/pkg v0.19.0 h1:T9kkGUQJV7UTxenw08m3txsgQkNVnZZxvn1zCcNjaE8= github.com/pulumi/pulumi-java/pkg v0.19.0/go.mod h1:YKYYFEb3Jvzf/dDJo0xOeEkIfBAMkkkdhXulauvEjmc= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.100.0 h1:L03nXHLprXuF0wIihoKFIjpE8oSPomiMayrRVDv1VgY= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.100.0/go.mod h1:r+cxSrRxwCRbHMdKMKWU3NKDcUTm9xa9PcBDuHQnRkI= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.101.0 h1:LucjkMkSU2iMuMdLYhRaVDiCYbJ1Fqve/sMw+iffjEY= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.101.0/go.mod h1:r+cxSrRxwCRbHMdKMKWU3NKDcUTm9xa9PcBDuHQnRkI= github.com/pulumi/pulumi-yaml v1.12.0 h1:ThJP+EBqeJyCnS6w6/PwcEFOT5o112qv0lObhefmFCk= github.com/pulumi/pulumi-yaml v1.12.0/go.mod h1:EhZd1XDfuLa15O51qVVE16U6r8ldK9mLIBclqWCX27Y= -github.com/pulumi/pulumi/pkg/v3 v3.145.0 h1:hAhFLieunnCKuMd3GbLqE5uWQ1hpNLdl6+bCDFSF4YQ= -github.com/pulumi/pulumi/pkg/v3 v3.145.0/go.mod h1:N19IsMJ3GyYO5N2JfpsCAVk0eH1NKkF05fZGn5dnhBE= -github.com/pulumi/pulumi/sdk/v3 v3.145.0 h1:r5iOgz67RElFXJt4GVVY2SBGh5sR24mL9NOcKBiBi/k= -github.com/pulumi/pulumi/sdk/v3 v3.145.0/go.mod h1:5pZySnw3RiQKddx8orThjEFmWsXkGAY3ktKOxZj2Ym4= +github.com/pulumi/pulumi/pkg/v3 v3.146.1-0.20250121060027-dc18400ce9c3 h1:Oqa6iFbNu8MKQxpefeTBGtfyim/SoDE7lDb1ENrffmg= +github.com/pulumi/pulumi/pkg/v3 v3.146.1-0.20250121060027-dc18400ce9c3/go.mod h1:LmyTEt+Ruv8qzIq2FBx1i7hyhAFxp2s0IZM2RMI99S0= +github.com/pulumi/pulumi/sdk/v3 v3.146.1-0.20250121060027-dc18400ce9c3 h1:la90ats8GRHjJCZX60zdyk5MrQpuEksLwCoy9G+V7RM= +github.com/pulumi/pulumi/sdk/v3 v3.146.1-0.20250121060027-dc18400ce9c3/go.mod h1:+WC9aIDo8fMgd2g0jCHuZU2S/VYNLRAZ3QXt6YVgwaA= github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQKpfZo= github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= diff --git a/provider/cmd/pulumi-resource-aws/schema.json b/provider/cmd/pulumi-resource-aws/schema.json index 8b12dc1239f..78867960723 100644 --- a/provider/cmd/pulumi-resource-aws/schema.json +++ b/provider/cmd/pulumi-resource-aws/schema.json @@ -178388,7 +178388,7 @@ } }, "aws:apigateway/method:Method": { - "description": "Provides a HTTP Method for an API Gateway Resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"MyDemoAPI\", {\n name: \"MyDemoAPI\",\n description: \"This is my API for demonstration purposes\",\n});\nconst myDemoResource = new aws.apigateway.Resource(\"MyDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"MyDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"MyDemoAPI\",\n name=\"MyDemoAPI\",\n description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"MyDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"MyDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"MyDemoAPI\", new()\n {\n Name = \"MyDemoAPI\",\n Description = \"This is my API for demonstration purposes\",\n });\n\n var myDemoResource = new Aws.ApiGateway.Resource(\"MyDemoResource\", new()\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n\n var myDemoMethod = new Aws.ApiGateway.Method(\"MyDemoMethod\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"MyDemoAPI\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"MyDemoAPI\"),\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"MyDemoResource\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewMethod(ctx, \"MyDemoMethod\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myDemoAPI = new RestApi(\"myDemoAPI\", RestApiArgs.builder()\n .name(\"MyDemoAPI\")\n .description(\"This is my API for demonstration purposes\")\n .build());\n\n var myDemoResource = new Resource(\"myDemoResource\", ResourceArgs.builder()\n .restApi(myDemoAPI.id())\n .parentId(myDemoAPI.rootResourceId())\n .pathPart(\"mydemoresource\")\n .build());\n\n var myDemoMethod = new Method(\"myDemoMethod\", MethodArgs.builder()\n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDemoAPI:\n type: aws:apigateway:RestApi\n name: MyDemoAPI\n properties:\n name: MyDemoAPI\n description: This is my API for demonstration purposes\n myDemoResource:\n type: aws:apigateway:Resource\n name: MyDemoResource\n properties:\n restApi: ${myDemoAPI.id}\n parentId: ${myDemoAPI.rootResourceId}\n pathPart: mydemoresource\n myDemoMethod:\n type: aws:apigateway:Method\n name: MyDemoMethod\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: GET\n authorization: NONE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Usage with Cognito User Pool Authorizer\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst cognitoUserPoolName = config.requireObject(\"cognitoUserPoolName\");\nconst this = aws.cognito.getUserPools({\n name: cognitoUserPoolName,\n});\nconst thisRestApi = new aws.apigateway.RestApi(\"this\", {name: \"with-authorizer\"});\nconst thisResource = new aws.apigateway.Resource(\"this\", {\n restApi: thisRestApi.id,\n parentId: thisRestApi.rootResourceId,\n pathPart: \"{proxy+}\",\n});\nconst thisAuthorizer = new aws.apigateway.Authorizer(\"this\", {\n name: \"CognitoUserPoolAuthorizer\",\n type: \"COGNITO_USER_POOLS\",\n restApi: thisRestApi.id,\n providerArns: _this.then(_this =\u003e _this.arns),\n});\nconst any = new aws.apigateway.Method(\"any\", {\n restApi: thisRestApi.id,\n resourceId: thisResource.id,\n httpMethod: \"ANY\",\n authorization: \"COGNITO_USER_POOLS\",\n authorizerId: thisAuthorizer.id,\n requestParameters: {\n \"method.request.path.proxy\": true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ncognito_user_pool_name = config.require_object(\"cognitoUserPoolName\")\nthis = aws.cognito.get_user_pools(name=cognito_user_pool_name)\nthis_rest_api = aws.apigateway.RestApi(\"this\", name=\"with-authorizer\")\nthis_resource = aws.apigateway.Resource(\"this\",\n rest_api=this_rest_api.id,\n parent_id=this_rest_api.root_resource_id,\n path_part=\"{proxy+}\")\nthis_authorizer = aws.apigateway.Authorizer(\"this\",\n name=\"CognitoUserPoolAuthorizer\",\n type=\"COGNITO_USER_POOLS\",\n rest_api=this_rest_api.id,\n provider_arns=this.arns)\nany = aws.apigateway.Method(\"any\",\n rest_api=this_rest_api.id,\n resource_id=this_resource.id,\n http_method=\"ANY\",\n authorization=\"COGNITO_USER_POOLS\",\n authorizer_id=this_authorizer.id,\n request_parameters={\n \"method.request.path.proxy\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var cognitoUserPoolName = config.RequireObject\u003cdynamic\u003e(\"cognitoUserPoolName\");\n var @this = Aws.Cognito.GetUserPools.Invoke(new()\n {\n Name = cognitoUserPoolName,\n });\n\n var thisRestApi = new Aws.ApiGateway.RestApi(\"this\", new()\n {\n Name = \"with-authorizer\",\n });\n\n var thisResource = new Aws.ApiGateway.Resource(\"this\", new()\n {\n RestApi = thisRestApi.Id,\n ParentId = thisRestApi.RootResourceId,\n PathPart = \"{proxy+}\",\n });\n\n var thisAuthorizer = new Aws.ApiGateway.Authorizer(\"this\", new()\n {\n Name = \"CognitoUserPoolAuthorizer\",\n Type = \"COGNITO_USER_POOLS\",\n RestApi = thisRestApi.Id,\n ProviderArns = @this.Apply(@this =\u003e @this.Apply(getUserPoolsResult =\u003e getUserPoolsResult.Arns)),\n });\n\n var any = new Aws.ApiGateway.Method(\"any\", new()\n {\n RestApi = thisRestApi.Id,\n ResourceId = thisResource.Id,\n HttpMethod = \"ANY\",\n Authorization = \"COGNITO_USER_POOLS\",\n AuthorizerId = thisAuthorizer.Id,\n RequestParameters = \n {\n { \"method.request.path.proxy\", true },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tcognitoUserPoolName := cfg.RequireObject(\"cognitoUserPoolName\")\n\t\tthis, err := cognito.GetUserPools(ctx, \u0026cognito.GetUserPoolsArgs{\n\t\t\tName: cognitoUserPoolName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthisRestApi, err := apigateway.NewRestApi(ctx, \"this\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"with-authorizer\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthisResource, err := apigateway.NewResource(ctx, \"this\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: thisRestApi.ID(),\n\t\t\tParentId: thisRestApi.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"{proxy+}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthisAuthorizer, err := apigateway.NewAuthorizer(ctx, \"this\", \u0026apigateway.AuthorizerArgs{\n\t\t\tName: pulumi.String(\"CognitoUserPoolAuthorizer\"),\n\t\t\tType: pulumi.String(\"COGNITO_USER_POOLS\"),\n\t\t\tRestApi: thisRestApi.ID(),\n\t\t\tProviderArns: interface{}(this.Arns),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewMethod(ctx, \"any\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: thisRestApi.ID(),\n\t\t\tResourceId: thisResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"ANY\"),\n\t\t\tAuthorization: pulumi.String(\"COGNITO_USER_POOLS\"),\n\t\t\tAuthorizerId: thisAuthorizer.ID(),\n\t\t\tRequestParameters: pulumi.BoolMap{\n\t\t\t\t\"method.request.path.proxy\": pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.CognitoFunctions;\nimport com.pulumi.aws.cognito.inputs.GetUserPoolsArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Authorizer;\nimport com.pulumi.aws.apigateway.AuthorizerArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var cognitoUserPoolName = config.get(\"cognitoUserPoolName\");\n final var this = CognitoFunctions.getUserPools(GetUserPoolsArgs.builder()\n .name(cognitoUserPoolName)\n .build());\n\n var thisRestApi = new RestApi(\"thisRestApi\", RestApiArgs.builder()\n .name(\"with-authorizer\")\n .build());\n\n var thisResource = new Resource(\"thisResource\", ResourceArgs.builder()\n .restApi(thisRestApi.id())\n .parentId(thisRestApi.rootResourceId())\n .pathPart(\"{proxy+}\")\n .build());\n\n var thisAuthorizer = new Authorizer(\"thisAuthorizer\", AuthorizerArgs.builder()\n .name(\"CognitoUserPoolAuthorizer\")\n .type(\"COGNITO_USER_POOLS\")\n .restApi(thisRestApi.id())\n .providerArns(this_.arns())\n .build());\n\n var any = new Method(\"any\", MethodArgs.builder()\n .restApi(thisRestApi.id())\n .resourceId(thisResource.id())\n .httpMethod(\"ANY\")\n .authorization(\"COGNITO_USER_POOLS\")\n .authorizerId(thisAuthorizer.id())\n .requestParameters(Map.of(\"method.request.path.proxy\", true))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n cognitoUserPoolName:\n type: dynamic\nresources:\n thisRestApi:\n type: aws:apigateway:RestApi\n name: this\n properties:\n name: with-authorizer\n thisResource:\n type: aws:apigateway:Resource\n name: this\n properties:\n restApi: ${thisRestApi.id}\n parentId: ${thisRestApi.rootResourceId}\n pathPart: '{proxy+}'\n thisAuthorizer:\n type: aws:apigateway:Authorizer\n name: this\n properties:\n name: CognitoUserPoolAuthorizer\n type: COGNITO_USER_POOLS\n restApi: ${thisRestApi.id}\n providerArns: ${this.arns}\n any:\n type: aws:apigateway:Method\n properties:\n restApi: ${thisRestApi.id}\n resourceId: ${thisResource.id}\n httpMethod: ANY\n authorization: COGNITO_USER_POOLS\n authorizerId: ${thisAuthorizer.id}\n requestParameters:\n method.request.path.proxy: true\nvariables:\n this:\n fn::invoke:\n function: aws:cognito:getUserPools\n arguments:\n name: ${cognitoUserPoolName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_api_gateway_method` using `REST-API-ID/RESOURCE-ID/HTTP-METHOD`. For example:\n\n```sh\n$ pulumi import aws:apigateway/method:Method example 12345abcde/67890fghij/GET\n```\n", + "description": "Provides a HTTP Method for an API Gateway Resource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"MyDemoAPI\", {\n name: \"MyDemoAPI\",\n description: \"This is my API for demonstration purposes\",\n});\nconst myDemoResource = new aws.apigateway.Resource(\"MyDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"MyDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"MyDemoAPI\",\n name=\"MyDemoAPI\",\n description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"MyDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"MyDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"MyDemoAPI\", new()\n {\n Name = \"MyDemoAPI\",\n Description = \"This is my API for demonstration purposes\",\n });\n\n var myDemoResource = new Aws.ApiGateway.Resource(\"MyDemoResource\", new()\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n\n var myDemoMethod = new Aws.ApiGateway.Method(\"MyDemoMethod\", new()\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"MyDemoAPI\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"MyDemoAPI\"),\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"MyDemoResource\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewMethod(ctx, \"MyDemoMethod\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myDemoAPI = new RestApi(\"myDemoAPI\", RestApiArgs.builder()\n .name(\"MyDemoAPI\")\n .description(\"This is my API for demonstration purposes\")\n .build());\n\n var myDemoResource = new Resource(\"myDemoResource\", ResourceArgs.builder()\n .restApi(myDemoAPI.id())\n .parentId(myDemoAPI.rootResourceId())\n .pathPart(\"mydemoresource\")\n .build());\n\n var myDemoMethod = new Method(\"myDemoMethod\", MethodArgs.builder()\n .restApi(myDemoAPI.id())\n .resourceId(myDemoResource.id())\n .httpMethod(\"GET\")\n .authorization(\"NONE\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myDemoAPI:\n type: aws:apigateway:RestApi\n name: MyDemoAPI\n properties:\n name: MyDemoAPI\n description: This is my API for demonstration purposes\n myDemoResource:\n type: aws:apigateway:Resource\n name: MyDemoResource\n properties:\n restApi: ${myDemoAPI.id}\n parentId: ${myDemoAPI.rootResourceId}\n pathPart: mydemoresource\n myDemoMethod:\n type: aws:apigateway:Method\n name: MyDemoMethod\n properties:\n restApi: ${myDemoAPI.id}\n resourceId: ${myDemoResource.id}\n httpMethod: GET\n authorization: NONE\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Usage with Cognito User Pool Authorizer\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst cognitoUserPoolName = config.requireObject(\"cognitoUserPoolName\");\nconst _this = aws.cognito.getUserPools({\n name: cognitoUserPoolName,\n});\nconst thisRestApi = new aws.apigateway.RestApi(\"this\", {name: \"with-authorizer\"});\nconst thisResource = new aws.apigateway.Resource(\"this\", {\n restApi: thisRestApi.id,\n parentId: thisRestApi.rootResourceId,\n pathPart: \"{proxy+}\",\n});\nconst thisAuthorizer = new aws.apigateway.Authorizer(\"this\", {\n name: \"CognitoUserPoolAuthorizer\",\n type: \"COGNITO_USER_POOLS\",\n restApi: thisRestApi.id,\n providerArns: _this.then(_this =\u003e _this.arns),\n});\nconst any = new aws.apigateway.Method(\"any\", {\n restApi: thisRestApi.id,\n resourceId: thisResource.id,\n httpMethod: \"ANY\",\n authorization: \"COGNITO_USER_POOLS\",\n authorizerId: thisAuthorizer.id,\n requestParameters: {\n \"method.request.path.proxy\": true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ncognito_user_pool_name = config.require_object(\"cognitoUserPoolName\")\nthis = aws.cognito.get_user_pools(name=cognito_user_pool_name)\nthis_rest_api = aws.apigateway.RestApi(\"this\", name=\"with-authorizer\")\nthis_resource = aws.apigateway.Resource(\"this\",\n rest_api=this_rest_api.id,\n parent_id=this_rest_api.root_resource_id,\n path_part=\"{proxy+}\")\nthis_authorizer = aws.apigateway.Authorizer(\"this\",\n name=\"CognitoUserPoolAuthorizer\",\n type=\"COGNITO_USER_POOLS\",\n rest_api=this_rest_api.id,\n provider_arns=this.arns)\nany = aws.apigateway.Method(\"any\",\n rest_api=this_rest_api.id,\n resource_id=this_resource.id,\n http_method=\"ANY\",\n authorization=\"COGNITO_USER_POOLS\",\n authorizer_id=this_authorizer.id,\n request_parameters={\n \"method.request.path.proxy\": True,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var cognitoUserPoolName = config.RequireObject\u003cdynamic\u003e(\"cognitoUserPoolName\");\n var @this = Aws.Cognito.GetUserPools.Invoke(new()\n {\n Name = cognitoUserPoolName,\n });\n\n var thisRestApi = new Aws.ApiGateway.RestApi(\"this\", new()\n {\n Name = \"with-authorizer\",\n });\n\n var thisResource = new Aws.ApiGateway.Resource(\"this\", new()\n {\n RestApi = thisRestApi.Id,\n ParentId = thisRestApi.RootResourceId,\n PathPart = \"{proxy+}\",\n });\n\n var thisAuthorizer = new Aws.ApiGateway.Authorizer(\"this\", new()\n {\n Name = \"CognitoUserPoolAuthorizer\",\n Type = \"COGNITO_USER_POOLS\",\n RestApi = thisRestApi.Id,\n ProviderArns = @this.Apply(@this =\u003e @this.Apply(getUserPoolsResult =\u003e getUserPoolsResult.Arns)),\n });\n\n var any = new Aws.ApiGateway.Method(\"any\", new()\n {\n RestApi = thisRestApi.Id,\n ResourceId = thisResource.Id,\n HttpMethod = \"ANY\",\n Authorization = \"COGNITO_USER_POOLS\",\n AuthorizerId = thisAuthorizer.Id,\n RequestParameters = \n {\n { \"method.request.path.proxy\", true },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tcognitoUserPoolName := cfg.RequireObject(\"cognitoUserPoolName\")\n\t\tthis, err := cognito.GetUserPools(ctx, \u0026cognito.GetUserPoolsArgs{\n\t\t\tName: cognitoUserPoolName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthisRestApi, err := apigateway.NewRestApi(ctx, \"this\", \u0026apigateway.RestApiArgs{\n\t\t\tName: pulumi.String(\"with-authorizer\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthisResource, err := apigateway.NewResource(ctx, \"this\", \u0026apigateway.ResourceArgs{\n\t\t\tRestApi: thisRestApi.ID(),\n\t\t\tParentId: thisRestApi.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"{proxy+}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthisAuthorizer, err := apigateway.NewAuthorizer(ctx, \"this\", \u0026apigateway.AuthorizerArgs{\n\t\t\tName: pulumi.String(\"CognitoUserPoolAuthorizer\"),\n\t\t\tType: pulumi.String(\"COGNITO_USER_POOLS\"),\n\t\t\tRestApi: thisRestApi.ID(),\n\t\t\tProviderArns: interface{}(this.Arns),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewMethod(ctx, \"any\", \u0026apigateway.MethodArgs{\n\t\t\tRestApi: thisRestApi.ID(),\n\t\t\tResourceId: thisResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"ANY\"),\n\t\t\tAuthorization: pulumi.String(\"COGNITO_USER_POOLS\"),\n\t\t\tAuthorizerId: thisAuthorizer.ID(),\n\t\t\tRequestParameters: pulumi.BoolMap{\n\t\t\t\t\"method.request.path.proxy\": pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cognito.CognitoFunctions;\nimport com.pulumi.aws.cognito.inputs.GetUserPoolsArgs;\nimport com.pulumi.aws.apigateway.RestApi;\nimport com.pulumi.aws.apigateway.RestApiArgs;\nimport com.pulumi.aws.apigateway.Resource;\nimport com.pulumi.aws.apigateway.ResourceArgs;\nimport com.pulumi.aws.apigateway.Authorizer;\nimport com.pulumi.aws.apigateway.AuthorizerArgs;\nimport com.pulumi.aws.apigateway.Method;\nimport com.pulumi.aws.apigateway.MethodArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var cognitoUserPoolName = config.get(\"cognitoUserPoolName\");\n final var this = CognitoFunctions.getUserPools(GetUserPoolsArgs.builder()\n .name(cognitoUserPoolName)\n .build());\n\n var thisRestApi = new RestApi(\"thisRestApi\", RestApiArgs.builder()\n .name(\"with-authorizer\")\n .build());\n\n var thisResource = new Resource(\"thisResource\", ResourceArgs.builder()\n .restApi(thisRestApi.id())\n .parentId(thisRestApi.rootResourceId())\n .pathPart(\"{proxy+}\")\n .build());\n\n var thisAuthorizer = new Authorizer(\"thisAuthorizer\", AuthorizerArgs.builder()\n .name(\"CognitoUserPoolAuthorizer\")\n .type(\"COGNITO_USER_POOLS\")\n .restApi(thisRestApi.id())\n .providerArns(this_.arns())\n .build());\n\n var any = new Method(\"any\", MethodArgs.builder()\n .restApi(thisRestApi.id())\n .resourceId(thisResource.id())\n .httpMethod(\"ANY\")\n .authorization(\"COGNITO_USER_POOLS\")\n .authorizerId(thisAuthorizer.id())\n .requestParameters(Map.of(\"method.request.path.proxy\", true))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n cognitoUserPoolName:\n type: dynamic\nresources:\n thisRestApi:\n type: aws:apigateway:RestApi\n name: this\n properties:\n name: with-authorizer\n thisResource:\n type: aws:apigateway:Resource\n name: this\n properties:\n restApi: ${thisRestApi.id}\n parentId: ${thisRestApi.rootResourceId}\n pathPart: '{proxy+}'\n thisAuthorizer:\n type: aws:apigateway:Authorizer\n name: this\n properties:\n name: CognitoUserPoolAuthorizer\n type: COGNITO_USER_POOLS\n restApi: ${thisRestApi.id}\n providerArns: ${this.arns}\n any:\n type: aws:apigateway:Method\n properties:\n restApi: ${thisRestApi.id}\n resourceId: ${thisResource.id}\n httpMethod: ANY\n authorization: COGNITO_USER_POOLS\n authorizerId: ${thisAuthorizer.id}\n requestParameters:\n method.request.path.proxy: true\nvariables:\n this:\n fn::invoke:\n function: aws:cognito:getUserPools\n arguments:\n name: ${cognitoUserPoolName}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import `aws_api_gateway_method` using `REST-API-ID/RESOURCE-ID/HTTP-METHOD`. For example:\n\n```sh\n$ pulumi import aws:apigateway/method:Method example 12345abcde/67890fghij/GET\n```\n", "properties": { "apiKeyRequired": { "type": "boolean", @@ -204525,7 +204525,7 @@ } }, "aws:cloudtrail/trail:Trail": { - "description": "Provides a CloudTrail resource.\n\n\u003e **Tip:** For a multi-region trail, this resource must be in the home region of the trail.\n\n\u003e **Tip:** For an organization trail, this resource must be in the master account of the organization.\n\n## Example Usage\n\n### Basic\n\nEnable CloudTrail to capture all compatible management events in region.\nFor capturing events from services like IAM, `include_global_service_events` must be enabled.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {\n bucket: \"my-test-trail\",\n forceDestroy: true,\n});\nconst current = aws.getCallerIdentity({});\nconst currentGetPartition = aws.getPartition({});\nconst currentGetRegion = aws.getRegion({});\nconst example = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n sid: \"AWSCloudTrailAclCheck\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"cloudtrail.amazonaws.com\"],\n }],\n actions: [\"s3:GetBucketAcl\"],\n resources: [exampleBucketV2.arn],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:SourceArn\",\n values: [Promise.all([currentGetPartition, currentGetRegion, current]).then(([currentGetPartition, currentGetRegion, current]) =\u003e `arn:${currentGetPartition.partition}:cloudtrail:${currentGetRegion.name}:${current.accountId}:trail/example`)],\n }],\n },\n {\n sid: \"AWSCloudTrailWrite\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"cloudtrail.amazonaws.com\"],\n }],\n actions: [\"s3:PutObject\"],\n resources: [pulumi.all([exampleBucketV2.arn, current]).apply(([arn, current]) =\u003e `${arn}/prefix/AWSLogs/${current.accountId}/*`)],\n conditions: [\n {\n test: \"StringEquals\",\n variable: \"s3:x-amz-acl\",\n values: [\"bucket-owner-full-control\"],\n },\n {\n test: \"StringEquals\",\n variable: \"aws:SourceArn\",\n values: [Promise.all([currentGetPartition, currentGetRegion, current]).then(([currentGetPartition, currentGetRegion, current]) =\u003e `arn:${currentGetPartition.partition}:cloudtrail:${currentGetRegion.name}:${current.accountId}:trail/example`)],\n },\n ],\n },\n ],\n});\nconst exampleBucketPolicy = new aws.s3.BucketPolicy(\"example\", {\n bucket: exampleBucketV2.id,\n policy: example.apply(example =\u003e example.json),\n});\nconst exampleTrail = new aws.cloudtrail.Trail(\"example\", {\n name: \"example\",\n s3BucketName: exampleBucketV2.id,\n s3KeyPrefix: \"prefix\",\n includeGlobalServiceEvents: false,\n}, {\n dependsOn: [exampleBucketPolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\",\n bucket=\"my-test-trail\",\n force_destroy=True)\ncurrent = aws.get_caller_identity()\ncurrent_get_partition = aws.get_partition()\ncurrent_get_region = aws.get_region()\nexample = aws.iam.get_policy_document_output(statements=[\n {\n \"sid\": \"AWSCloudTrailAclCheck\",\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"cloudtrail.amazonaws.com\"],\n }],\n \"actions\": [\"s3:GetBucketAcl\"],\n \"resources\": [example_bucket_v2.arn],\n \"conditions\": [{\n \"test\": \"StringEquals\",\n \"variable\": \"aws:SourceArn\",\n \"values\": [f\"arn:{current_get_partition.partition}:cloudtrail:{current_get_region.name}:{current.account_id}:trail/example\"],\n }],\n },\n {\n \"sid\": \"AWSCloudTrailWrite\",\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"cloudtrail.amazonaws.com\"],\n }],\n \"actions\": [\"s3:PutObject\"],\n \"resources\": [example_bucket_v2.arn.apply(lambda arn: f\"{arn}/prefix/AWSLogs/{current.account_id}/*\")],\n \"conditions\": [\n {\n \"test\": \"StringEquals\",\n \"variable\": \"s3:x-amz-acl\",\n \"values\": [\"bucket-owner-full-control\"],\n },\n {\n \"test\": \"StringEquals\",\n \"variable\": \"aws:SourceArn\",\n \"values\": [f\"arn:{current_get_partition.partition}:cloudtrail:{current_get_region.name}:{current.account_id}:trail/example\"],\n },\n ],\n },\n])\nexample_bucket_policy = aws.s3.BucketPolicy(\"example\",\n bucket=example_bucket_v2.id,\n policy=example.json)\nexample_trail = aws.cloudtrail.Trail(\"example\",\n name=\"example\",\n s3_bucket_name=example_bucket_v2.id,\n s3_key_prefix=\"prefix\",\n include_global_service_events=False,\n opts = pulumi.ResourceOptions(depends_on=[example_bucket_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"my-test-trail\",\n ForceDestroy = true,\n });\n\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetPartition = Aws.GetPartition.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AWSCloudTrailAclCheck\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"cloudtrail.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:GetBucketAcl\",\n },\n Resources = new[]\n {\n exampleBucketV2.Arn,\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:{currentGetPartition.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:cloudtrail:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:trail/example\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AWSCloudTrailWrite\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"cloudtrail.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n $\"{exampleBucketV2.Arn}/prefix/AWSLogs/{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"s3:x-amz-acl\",\n Values = new[]\n {\n \"bucket-owner-full-control\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:{currentGetPartition.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:cloudtrail:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:trail/example\",\n },\n },\n },\n },\n },\n });\n\n var exampleBucketPolicy = new Aws.S3.BucketPolicy(\"example\", new()\n {\n Bucket = exampleBucketV2.Id,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleTrail = new Aws.CloudTrail.Trail(\"example\", new()\n {\n Name = \"example\",\n S3BucketName = exampleBucketV2.Id,\n S3KeyPrefix = \"prefix\",\n IncludeGlobalServiceEvents = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n exampleBucketPolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"my-test-trail\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, \u0026aws.GetCallerIdentityArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetPartition, err := aws.GetPartition(ctx, \u0026aws.GetPartitionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, \u0026aws.GetRegionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tSid: pulumi.String(\"AWSCloudTrailAclCheck\"),\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"cloudtrail.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetBucketAcl\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texampleBucketV2.Arn,\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"arn:%v:cloudtrail:%v:%v:trail/example\", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tSid: pulumi.String(\"AWSCloudTrailWrite\"),\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"cloudtrail.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:PutObject\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texampleBucketV2.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/prefix/AWSLogs/%v/*\", arn, current.AccountId), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"s3:x-amz-acl\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"bucket-owner-full-control\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"arn:%v:cloudtrail:%v:%v:trail/example\", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\texampleBucketPolicy, err := s3.NewBucketPolicy(ctx, \"example\", \u0026s3.BucketPolicyArgs{\n\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\tPolicy: pulumi.String(example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026example.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tS3BucketName: exampleBucketV2.ID(),\n\t\t\tS3KeyPrefix: pulumi.String(\"prefix\"),\n\t\t\tIncludeGlobalServiceEvents: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleBucketPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder()\n .bucket(\"my-test-trail\")\n .forceDestroy(true)\n .build());\n\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetPartition = AwsFunctions.getPartition();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"AWSCloudTrailAclCheck\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"cloudtrail.amazonaws.com\")\n .build())\n .actions(\"s3:GetBucketAcl\")\n .resources(exampleBucketV2.arn())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:%s:cloudtrail:%s:%s:trail/example\", currentGetPartition.applyValue(getPartitionResult -\u003e getPartitionResult.partition()),currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"AWSCloudTrailWrite\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"cloudtrail.amazonaws.com\")\n .build())\n .actions(\"s3:PutObject\")\n .resources(exampleBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/prefix/AWSLogs/%s/*\", arn,current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))))\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"s3:x-amz-acl\")\n .values(\"bucket-owner-full-control\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:%s:cloudtrail:%s:%s:trail/example\", currentGetPartition.applyValue(getPartitionResult -\u003e getPartitionResult.partition()),currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .build())\n .build());\n\n var exampleBucketPolicy = new BucketPolicy(\"exampleBucketPolicy\", BucketPolicyArgs.builder()\n .bucket(exampleBucketV2.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var exampleTrail = new Trail(\"exampleTrail\", TrailArgs.builder()\n .name(\"example\")\n .s3BucketName(exampleBucketV2.id())\n .s3KeyPrefix(\"prefix\")\n .includeGlobalServiceEvents(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleBucketPolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleTrail:\n type: aws:cloudtrail:Trail\n name: example\n properties:\n name: example\n s3BucketName: ${exampleBucketV2.id}\n s3KeyPrefix: prefix\n includeGlobalServiceEvents: false\n options:\n dependsOn:\n - ${exampleBucketPolicy}\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: my-test-trail\n forceDestroy: true\n exampleBucketPolicy:\n type: aws:s3:BucketPolicy\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - sid: AWSCloudTrailAclCheck\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - cloudtrail.amazonaws.com\n actions:\n - s3:GetBucketAcl\n resources:\n - ${exampleBucketV2.arn}\n conditions:\n - test: StringEquals\n variable: aws:SourceArn\n values:\n - arn:${currentGetPartition.partition}:cloudtrail:${currentGetRegion.name}:${current.accountId}:trail/example\n - sid: AWSCloudTrailWrite\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - cloudtrail.amazonaws.com\n actions:\n - s3:PutObject\n resources:\n - ${exampleBucketV2.arn}/prefix/AWSLogs/${current.accountId}/*\n conditions:\n - test: StringEquals\n variable: s3:x-amz-acl\n values:\n - bucket-owner-full-control\n - test: StringEquals\n variable: aws:SourceArn\n values:\n - arn:${currentGetPartition.partition}:cloudtrail:${currentGetRegion.name}:${current.accountId}:trail/example\n current:\n fn::invoke:\n function: aws:getCallerIdentity\n arguments: {}\n currentGetPartition:\n fn::invoke:\n function: aws:getPartition\n arguments: {}\n currentGetRegion:\n fn::invoke:\n function: aws:getRegion\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Data Event Logging\n\nCloudTrail can log [Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) for certain services such as S3 objects and Lambda function invocations. Additional information about data event configuration can be found in the following links:\n\n* [CloudTrail API DataResource documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DataResource.html) (for basic event selector).\n* [CloudTrail API AdvancedFieldSelector documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html) (for advanced event selector).\n\n### Logging All Lambda Function Invocations By Using Basic Event Selectors\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudtrail.Trail(\"example\", {eventSelectors: [{\n readWriteType: \"All\",\n includeManagementEvents: true,\n dataResources: [{\n type: \"AWS::Lambda::Function\",\n values: [\"arn:aws:lambda\"],\n }],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudtrail.Trail(\"example\", event_selectors=[{\n \"read_write_type\": \"All\",\n \"include_management_events\": True,\n \"data_resources\": [{\n \"type\": \"AWS::Lambda::Function\",\n \"values\": [\"arn:aws:lambda\"],\n }],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudTrail.Trail(\"example\", new()\n {\n EventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorArgs\n {\n ReadWriteType = \"All\",\n IncludeManagementEvents = true,\n DataResources = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorDataResourceArgs\n {\n Type = \"AWS::Lambda::Function\",\n Values = new[]\n {\n \"arn:aws:lambda\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tEventSelectors: cloudtrail.TrailEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.TrailEventSelectorArgs{\n\t\t\t\t\tReadWriteType: pulumi.String(\"All\"),\n\t\t\t\t\tIncludeManagementEvents: pulumi.Bool(true),\n\t\t\t\t\tDataResources: cloudtrail.TrailEventSelectorDataResourceArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailEventSelectorDataResourceArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AWS::Lambda::Function\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"arn:aws:lambda\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Trail(\"example\", TrailArgs.builder()\n .eventSelectors(TrailEventSelectorArgs.builder()\n .readWriteType(\"All\")\n .includeManagementEvents(true)\n .dataResources(TrailEventSelectorDataResourceArgs.builder()\n .type(\"AWS::Lambda::Function\")\n .values(\"arn:aws:lambda\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:Trail\n properties:\n eventSelectors:\n - readWriteType: All\n includeManagementEvents: true\n dataResources:\n - type: AWS::Lambda::Function\n values:\n - arn:aws:lambda\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Logging All S3 Object Events By Using Basic Event Selectors\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudtrail.Trail(\"example\", {eventSelectors: [{\n readWriteType: \"All\",\n includeManagementEvents: true,\n dataResources: [{\n type: \"AWS::S3::Object\",\n values: [\"arn:aws:s3\"],\n }],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudtrail.Trail(\"example\", event_selectors=[{\n \"read_write_type\": \"All\",\n \"include_management_events\": True,\n \"data_resources\": [{\n \"type\": \"AWS::S3::Object\",\n \"values\": [\"arn:aws:s3\"],\n }],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudTrail.Trail(\"example\", new()\n {\n EventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorArgs\n {\n ReadWriteType = \"All\",\n IncludeManagementEvents = true,\n DataResources = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorDataResourceArgs\n {\n Type = \"AWS::S3::Object\",\n Values = new[]\n {\n \"arn:aws:s3\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tEventSelectors: cloudtrail.TrailEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.TrailEventSelectorArgs{\n\t\t\t\t\tReadWriteType: pulumi.String(\"All\"),\n\t\t\t\t\tIncludeManagementEvents: pulumi.Bool(true),\n\t\t\t\t\tDataResources: cloudtrail.TrailEventSelectorDataResourceArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailEventSelectorDataResourceArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"arn:aws:s3\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Trail(\"example\", TrailArgs.builder()\n .eventSelectors(TrailEventSelectorArgs.builder()\n .readWriteType(\"All\")\n .includeManagementEvents(true)\n .dataResources(TrailEventSelectorDataResourceArgs.builder()\n .type(\"AWS::S3::Object\")\n .values(\"arn:aws:s3\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:Trail\n properties:\n eventSelectors:\n - readWriteType: All\n includeManagementEvents: true\n dataResources:\n - type: AWS::S3::Object\n values:\n - arn:aws:s3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Logging Individual S3 Bucket Events By Using Basic Event Selectors\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst important-bucket = aws.s3.getBucket({\n bucket: \"important-bucket\",\n});\nconst example = new aws.cloudtrail.Trail(\"example\", {eventSelectors: [{\n readWriteType: \"All\",\n includeManagementEvents: true,\n dataResources: [{\n type: \"AWS::S3::Object\",\n values: [important_bucket.then(important_bucket =\u003e `${important_bucket.arn}/`)],\n }],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nimportant_bucket = aws.s3.get_bucket(bucket=\"important-bucket\")\nexample = aws.cloudtrail.Trail(\"example\", event_selectors=[{\n \"read_write_type\": \"All\",\n \"include_management_events\": True,\n \"data_resources\": [{\n \"type\": \"AWS::S3::Object\",\n \"values\": [f\"{important_bucket.arn}/\"],\n }],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var important_bucket = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"important-bucket\",\n });\n\n var example = new Aws.CloudTrail.Trail(\"example\", new()\n {\n EventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorArgs\n {\n ReadWriteType = \"All\",\n IncludeManagementEvents = true,\n DataResources = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorDataResourceArgs\n {\n Type = \"AWS::S3::Object\",\n Values = new[]\n {\n important_bucket.Apply(important_bucket =\u003e $\"{important_bucket.Apply(getBucketResult =\u003e getBucketResult.Arn)}/\"),\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\timportant_bucket, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"important-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tEventSelectors: cloudtrail.TrailEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.TrailEventSelectorArgs{\n\t\t\t\t\tReadWriteType: pulumi.String(\"All\"),\n\t\t\t\t\tIncludeManagementEvents: pulumi.Bool(true),\n\t\t\t\t\tDataResources: cloudtrail.TrailEventSelectorDataResourceArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailEventSelectorDataResourceArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/\", important_bucket.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var important-bucket = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"important-bucket\")\n .build());\n\n var example = new Trail(\"example\", TrailArgs.builder()\n .eventSelectors(TrailEventSelectorArgs.builder()\n .readWriteType(\"All\")\n .includeManagementEvents(true)\n .dataResources(TrailEventSelectorDataResourceArgs.builder()\n .type(\"AWS::S3::Object\")\n .values(String.format(\"%s/\", important_bucket.arn()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:Trail\n properties:\n eventSelectors:\n - readWriteType: All\n includeManagementEvents: true\n dataResources:\n - type: AWS::S3::Object\n values:\n - ${[\"important-bucket\"].arn}/\nvariables:\n important-bucket:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: important-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Logging All S3 Object Events Except For Two S3 Buckets By Using Advanced Event Selectors\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst not-important-bucket-1 = aws.s3.getBucket({\n bucket: \"not-important-bucket-1\",\n});\nconst not-important-bucket-2 = aws.s3.getBucket({\n bucket: \"not-important-bucket-2\",\n});\nconst example = new aws.cloudtrail.Trail(\"example\", {advancedEventSelectors: [\n {\n name: \"Log all S3 objects events except for two S3 buckets\",\n fieldSelectors: [\n {\n field: \"eventCategory\",\n equals: [\"Data\"],\n },\n {\n field: \"resources.ARN\",\n notStartsWiths: [\n not_important_bucket_1.then(not_important_bucket_1 =\u003e `${not_important_bucket_1.arn}/`),\n not_important_bucket_2.then(not_important_bucket_2 =\u003e `${not_important_bucket_2.arn}/`),\n ],\n },\n {\n field: \"resources.type\",\n equals: [\"AWS::S3::Object\"],\n },\n ],\n },\n {\n name: \"Log readOnly and writeOnly management events\",\n fieldSelectors: [{\n field: \"eventCategory\",\n equals: [\"Management\"],\n }],\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nnot_important_bucket_1 = aws.s3.get_bucket(bucket=\"not-important-bucket-1\")\nnot_important_bucket_2 = aws.s3.get_bucket(bucket=\"not-important-bucket-2\")\nexample = aws.cloudtrail.Trail(\"example\", advanced_event_selectors=[\n {\n \"name\": \"Log all S3 objects events except for two S3 buckets\",\n \"field_selectors\": [\n {\n \"field\": \"eventCategory\",\n \"equals\": [\"Data\"],\n },\n {\n \"field\": \"resources.ARN\",\n \"not_starts_withs\": [\n f\"{not_important_bucket_1.arn}/\",\n f\"{not_important_bucket_2.arn}/\",\n ],\n },\n {\n \"field\": \"resources.type\",\n \"equals\": [\"AWS::S3::Object\"],\n },\n ],\n },\n {\n \"name\": \"Log readOnly and writeOnly management events\",\n \"field_selectors\": [{\n \"field\": \"eventCategory\",\n \"equals\": [\"Management\"],\n }],\n },\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var not_important_bucket_1 = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"not-important-bucket-1\",\n });\n\n var not_important_bucket_2 = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"not-important-bucket-2\",\n });\n\n var example = new Aws.CloudTrail.Trail(\"example\", new()\n {\n AdvancedEventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorArgs\n {\n Name = \"Log all S3 objects events except for two S3 buckets\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Data\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.ARN\",\n NotStartsWiths = new[]\n {\n not_important_bucket_1.Apply(not_important_bucket_1 =\u003e $\"{not_important_bucket_1.Apply(getBucketResult =\u003e getBucketResult.Arn)}/\"),\n not_important_bucket_2.Apply(not_important_bucket_2 =\u003e $\"{not_important_bucket_2.Apply(getBucketResult =\u003e getBucketResult.Arn)}/\"),\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.type\",\n Equals = new[]\n {\n \"AWS::S3::Object\",\n },\n },\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorArgs\n {\n Name = \"Log readOnly and writeOnly management events\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Management\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnot_important_bucket_1, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"not-important-bucket-1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnot_important_bucket_2, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"not-important-bucket-2\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tAdvancedEventSelectors: cloudtrail.TrailAdvancedEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log all S3 objects events except for two S3 buckets\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.TrailAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Data\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.ARN\"),\n\t\t\t\t\t\t\tNotStartsWiths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/\", not_important_bucket_1.Arn),\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/\", not_important_bucket_2.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.type\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log readOnly and writeOnly management events\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.TrailAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Management\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.aws.cloudtrail.inputs.TrailAdvancedEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var not-important-bucket-1 = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"not-important-bucket-1\")\n .build());\n\n final var not-important-bucket-2 = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"not-important-bucket-2\")\n .build());\n\n var example = new Trail(\"example\", TrailArgs.builder()\n .advancedEventSelectors( \n TrailAdvancedEventSelectorArgs.builder()\n .name(\"Log all S3 objects events except for two S3 buckets\")\n .fieldSelectors( \n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Data\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.ARN\")\n .notStartsWiths( \n String.format(\"%s/\", not_important_bucket_1.arn()),\n String.format(\"%s/\", not_important_bucket_2.arn()))\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.type\")\n .equals(\"AWS::S3::Object\")\n .build())\n .build(),\n TrailAdvancedEventSelectorArgs.builder()\n .name(\"Log readOnly and writeOnly management events\")\n .fieldSelectors(TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Management\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:Trail\n properties:\n advancedEventSelectors:\n - name: Log all S3 objects events except for two S3 buckets\n fieldSelectors:\n - field: eventCategory\n equals:\n - Data\n - field: resources.ARN\n notStartsWiths:\n - ${[\"not-important-bucket-1\"].arn}/\n - ${[\"not-important-bucket-2\"].arn}/\n - field: resources.type\n equals:\n - AWS::S3::Object\n - name: Log readOnly and writeOnly management events\n fieldSelectors:\n - field: eventCategory\n equals:\n - Management\nvariables:\n not-important-bucket-1:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: not-important-bucket-1\n not-important-bucket-2:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: not-important-bucket-2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Logging Individual S3 Buckets And Specific Event Names By Using Advanced Event Selectors\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst important-bucket-1 = aws.s3.getBucket({\n bucket: \"important-bucket-1\",\n});\nconst important-bucket-2 = aws.s3.getBucket({\n bucket: \"important-bucket-2\",\n});\nconst important-bucket-3 = aws.s3.getBucket({\n bucket: \"important-bucket-3\",\n});\nconst example = new aws.cloudtrail.Trail(\"example\", {advancedEventSelectors: [\n {\n name: \"Log PutObject and DeleteObject events for two S3 buckets\",\n fieldSelectors: [\n {\n field: \"eventCategory\",\n equals: [\"Data\"],\n },\n {\n field: \"eventName\",\n equals: [\n \"PutObject\",\n \"DeleteObject\",\n ],\n },\n {\n field: \"resources.ARN\",\n startsWiths: [\n important_bucket_1.then(important_bucket_1 =\u003e `${important_bucket_1.arn}/`),\n important_bucket_2.then(important_bucket_2 =\u003e `${important_bucket_2.arn}/`),\n ],\n },\n {\n field: \"readOnly\",\n equals: [\"false\"],\n },\n {\n field: \"resources.type\",\n equals: [\"AWS::S3::Object\"],\n },\n ],\n },\n {\n name: \"Log Delete* events for one S3 bucket\",\n fieldSelectors: [\n {\n field: \"eventCategory\",\n equals: [\"Data\"],\n },\n {\n field: \"eventName\",\n startsWiths: [\"Delete\"],\n },\n {\n field: \"resources.ARN\",\n equals: [important_bucket_3.then(important_bucket_3 =\u003e `${important_bucket_3.arn}/important-prefix`)],\n },\n {\n field: \"readOnly\",\n equals: [\"false\"],\n },\n {\n field: \"resources.type\",\n equals: [\"AWS::S3::Object\"],\n },\n ],\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nimportant_bucket_1 = aws.s3.get_bucket(bucket=\"important-bucket-1\")\nimportant_bucket_2 = aws.s3.get_bucket(bucket=\"important-bucket-2\")\nimportant_bucket_3 = aws.s3.get_bucket(bucket=\"important-bucket-3\")\nexample = aws.cloudtrail.Trail(\"example\", advanced_event_selectors=[\n {\n \"name\": \"Log PutObject and DeleteObject events for two S3 buckets\",\n \"field_selectors\": [\n {\n \"field\": \"eventCategory\",\n \"equals\": [\"Data\"],\n },\n {\n \"field\": \"eventName\",\n \"equals\": [\n \"PutObject\",\n \"DeleteObject\",\n ],\n },\n {\n \"field\": \"resources.ARN\",\n \"starts_withs\": [\n f\"{important_bucket_1.arn}/\",\n f\"{important_bucket_2.arn}/\",\n ],\n },\n {\n \"field\": \"readOnly\",\n \"equals\": [\"false\"],\n },\n {\n \"field\": \"resources.type\",\n \"equals\": [\"AWS::S3::Object\"],\n },\n ],\n },\n {\n \"name\": \"Log Delete* events for one S3 bucket\",\n \"field_selectors\": [\n {\n \"field\": \"eventCategory\",\n \"equals\": [\"Data\"],\n },\n {\n \"field\": \"eventName\",\n \"starts_withs\": [\"Delete\"],\n },\n {\n \"field\": \"resources.ARN\",\n \"equals\": [f\"{important_bucket_3.arn}/important-prefix\"],\n },\n {\n \"field\": \"readOnly\",\n \"equals\": [\"false\"],\n },\n {\n \"field\": \"resources.type\",\n \"equals\": [\"AWS::S3::Object\"],\n },\n ],\n },\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var important_bucket_1 = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"important-bucket-1\",\n });\n\n var important_bucket_2 = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"important-bucket-2\",\n });\n\n var important_bucket_3 = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"important-bucket-3\",\n });\n\n var example = new Aws.CloudTrail.Trail(\"example\", new()\n {\n AdvancedEventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorArgs\n {\n Name = \"Log PutObject and DeleteObject events for two S3 buckets\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Data\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventName\",\n Equals = new[]\n {\n \"PutObject\",\n \"DeleteObject\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.ARN\",\n StartsWiths = new[]\n {\n important_bucket_1.Apply(important_bucket_1 =\u003e $\"{important_bucket_1.Apply(getBucketResult =\u003e getBucketResult.Arn)}/\"),\n important_bucket_2.Apply(important_bucket_2 =\u003e $\"{important_bucket_2.Apply(getBucketResult =\u003e getBucketResult.Arn)}/\"),\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"readOnly\",\n Equals = new[]\n {\n \"false\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.type\",\n Equals = new[]\n {\n \"AWS::S3::Object\",\n },\n },\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorArgs\n {\n Name = \"Log Delete* events for one S3 bucket\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Data\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventName\",\n StartsWiths = new[]\n {\n \"Delete\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.ARN\",\n Equals = new[]\n {\n important_bucket_3.Apply(important_bucket_3 =\u003e $\"{important_bucket_3.Apply(getBucketResult =\u003e getBucketResult.Arn)}/important-prefix\"),\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"readOnly\",\n Equals = new[]\n {\n \"false\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.type\",\n Equals = new[]\n {\n \"AWS::S3::Object\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\timportant_bucket_1, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"important-bucket-1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\timportant_bucket_2, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"important-bucket-2\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\timportant_bucket_3, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"important-bucket-3\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tAdvancedEventSelectors: cloudtrail.TrailAdvancedEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log PutObject and DeleteObject events for two S3 buckets\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.TrailAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Data\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventName\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"PutObject\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"DeleteObject\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.ARN\"),\n\t\t\t\t\t\t\tStartsWiths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/\", important_bucket_1.Arn),\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/\", important_bucket_2.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"readOnly\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"false\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.type\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log Delete* events for one S3 bucket\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.TrailAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Data\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventName\"),\n\t\t\t\t\t\t\tStartsWiths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Delete\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.ARN\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/important-prefix\", important_bucket_3.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"readOnly\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"false\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.type\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.aws.cloudtrail.inputs.TrailAdvancedEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var important-bucket-1 = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"important-bucket-1\")\n .build());\n\n final var important-bucket-2 = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"important-bucket-2\")\n .build());\n\n final var important-bucket-3 = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"important-bucket-3\")\n .build());\n\n var example = new Trail(\"example\", TrailArgs.builder()\n .advancedEventSelectors( \n TrailAdvancedEventSelectorArgs.builder()\n .name(\"Log PutObject and DeleteObject events for two S3 buckets\")\n .fieldSelectors( \n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Data\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventName\")\n .equals( \n \"PutObject\",\n \"DeleteObject\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.ARN\")\n .startsWiths( \n String.format(\"%s/\", important_bucket_1.arn()),\n String.format(\"%s/\", important_bucket_2.arn()))\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"readOnly\")\n .equals(\"false\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.type\")\n .equals(\"AWS::S3::Object\")\n .build())\n .build(),\n TrailAdvancedEventSelectorArgs.builder()\n .name(\"Log Delete* events for one S3 bucket\")\n .fieldSelectors( \n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Data\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventName\")\n .startsWiths(\"Delete\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.ARN\")\n .equals(String.format(\"%s/important-prefix\", important_bucket_3.arn()))\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"readOnly\")\n .equals(\"false\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.type\")\n .equals(\"AWS::S3::Object\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:Trail\n properties:\n advancedEventSelectors:\n - name: Log PutObject and DeleteObject events for two S3 buckets\n fieldSelectors:\n - field: eventCategory\n equals:\n - Data\n - field: eventName\n equals:\n - PutObject\n - DeleteObject\n - field: resources.ARN\n startsWiths:\n - ${[\"important-bucket-1\"].arn}/\n - ${[\"important-bucket-2\"].arn}/\n - field: readOnly\n equals:\n - 'false'\n - field: resources.type\n equals:\n - AWS::S3::Object\n - name: Log Delete* events for one S3 bucket\n fieldSelectors:\n - field: eventCategory\n equals:\n - Data\n - field: eventName\n startsWiths:\n - Delete\n - field: resources.ARN\n equals:\n - ${[\"important-bucket-3\"].arn}/important-prefix\n - field: readOnly\n equals:\n - 'false'\n - field: resources.type\n equals:\n - AWS::S3::Object\nvariables:\n important-bucket-1:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: important-bucket-1\n important-bucket-2:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: important-bucket-2\n important-bucket-3:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: important-bucket-3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Sending Events to CloudWatch Logs\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudwatch.LogGroup(\"example\", {name: \"Example\"});\nconst exampleTrail = new aws.cloudtrail.Trail(\"example\", {cloudWatchLogsGroupArn: pulumi.interpolate`${example.arn}:*`});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.LogGroup(\"example\", name=\"Example\")\nexample_trail = aws.cloudtrail.Trail(\"example\", cloud_watch_logs_group_arn=example.arn.apply(lambda arn: f\"{arn}:*\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = \"Example\",\n });\n\n var exampleTrail = new Aws.CloudTrail.Trail(\"example\", new()\n {\n CloudWatchLogsGroupArn = example.Arn.Apply(arn =\u003e $\"{arn}:*\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"Example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tCloudWatchLogsGroupArn: example.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v:*\", arn), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LogGroup(\"example\", LogGroupArgs.builder()\n .name(\"Example\")\n .build());\n\n var exampleTrail = new Trail(\"exampleTrail\", TrailArgs.builder()\n .cloudWatchLogsGroupArn(example.arn().applyValue(arn -\u003e String.format(\"%s:*\", arn)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n name: Example\n exampleTrail:\n type: aws:cloudtrail:Trail\n name: example\n properties:\n cloudWatchLogsGroupArn: ${example.arn}:*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Cloudtrails using the `arn`. For example:\n\n```sh\n$ pulumi import aws:cloudtrail/trail:Trail sample arn:aws:cloudtrail:us-east-1:123456789012:trail/my-sample-trail\n```\n", + "description": "Provides a CloudTrail resource.\n\n\u003e **Tip:** For a multi-region trail, this resource must be in the home region of the trail.\n\n\u003e **Tip:** For an organization trail, this resource must be in the master account of the organization.\n\n## Example Usage\n\n### Basic\n\nEnable CloudTrail to capture all compatible management events in region.\nFor capturing events from services like IAM, `include_global_service_events` must be enabled.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucketV2 = new aws.s3.BucketV2(\"example\", {\n bucket: \"my-test-trail\",\n forceDestroy: true,\n});\nconst current = aws.getCallerIdentity({});\nconst currentGetPartition = aws.getPartition({});\nconst currentGetRegion = aws.getRegion({});\nconst example = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n sid: \"AWSCloudTrailAclCheck\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"cloudtrail.amazonaws.com\"],\n }],\n actions: [\"s3:GetBucketAcl\"],\n resources: [exampleBucketV2.arn],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:SourceArn\",\n values: [Promise.all([currentGetPartition, currentGetRegion, current]).then(([currentGetPartition, currentGetRegion, current]) =\u003e `arn:${currentGetPartition.partition}:cloudtrail:${currentGetRegion.name}:${current.accountId}:trail/example`)],\n }],\n },\n {\n sid: \"AWSCloudTrailWrite\",\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"cloudtrail.amazonaws.com\"],\n }],\n actions: [\"s3:PutObject\"],\n resources: [pulumi.all([exampleBucketV2.arn, current]).apply(([arn, current]) =\u003e `${arn}/prefix/AWSLogs/${current.accountId}/*`)],\n conditions: [\n {\n test: \"StringEquals\",\n variable: \"s3:x-amz-acl\",\n values: [\"bucket-owner-full-control\"],\n },\n {\n test: \"StringEquals\",\n variable: \"aws:SourceArn\",\n values: [Promise.all([currentGetPartition, currentGetRegion, current]).then(([currentGetPartition, currentGetRegion, current]) =\u003e `arn:${currentGetPartition.partition}:cloudtrail:${currentGetRegion.name}:${current.accountId}:trail/example`)],\n },\n ],\n },\n ],\n});\nconst exampleBucketPolicy = new aws.s3.BucketPolicy(\"example\", {\n bucket: exampleBucketV2.id,\n policy: example.apply(example =\u003e example.json),\n});\nconst exampleTrail = new aws.cloudtrail.Trail(\"example\", {\n name: \"example\",\n s3BucketName: exampleBucketV2.id,\n s3KeyPrefix: \"prefix\",\n includeGlobalServiceEvents: false,\n}, {\n dependsOn: [exampleBucketPolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket_v2 = aws.s3.BucketV2(\"example\",\n bucket=\"my-test-trail\",\n force_destroy=True)\ncurrent = aws.get_caller_identity()\ncurrent_get_partition = aws.get_partition()\ncurrent_get_region = aws.get_region()\nexample = aws.iam.get_policy_document_output(statements=[\n {\n \"sid\": \"AWSCloudTrailAclCheck\",\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"cloudtrail.amazonaws.com\"],\n }],\n \"actions\": [\"s3:GetBucketAcl\"],\n \"resources\": [example_bucket_v2.arn],\n \"conditions\": [{\n \"test\": \"StringEquals\",\n \"variable\": \"aws:SourceArn\",\n \"values\": [f\"arn:{current_get_partition.partition}:cloudtrail:{current_get_region.name}:{current.account_id}:trail/example\"],\n }],\n },\n {\n \"sid\": \"AWSCloudTrailWrite\",\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"cloudtrail.amazonaws.com\"],\n }],\n \"actions\": [\"s3:PutObject\"],\n \"resources\": [example_bucket_v2.arn.apply(lambda arn: f\"{arn}/prefix/AWSLogs/{current.account_id}/*\")],\n \"conditions\": [\n {\n \"test\": \"StringEquals\",\n \"variable\": \"s3:x-amz-acl\",\n \"values\": [\"bucket-owner-full-control\"],\n },\n {\n \"test\": \"StringEquals\",\n \"variable\": \"aws:SourceArn\",\n \"values\": [f\"arn:{current_get_partition.partition}:cloudtrail:{current_get_region.name}:{current.account_id}:trail/example\"],\n },\n ],\n },\n])\nexample_bucket_policy = aws.s3.BucketPolicy(\"example\",\n bucket=example_bucket_v2.id,\n policy=example.json)\nexample_trail = aws.cloudtrail.Trail(\"example\",\n name=\"example\",\n s3_bucket_name=example_bucket_v2.id,\n s3_key_prefix=\"prefix\",\n include_global_service_events=False,\n opts = pulumi.ResourceOptions(depends_on=[example_bucket_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleBucketV2 = new Aws.S3.BucketV2(\"example\", new()\n {\n Bucket = \"my-test-trail\",\n ForceDestroy = true,\n });\n\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetPartition = Aws.GetPartition.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var example = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AWSCloudTrailAclCheck\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"cloudtrail.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:GetBucketAcl\",\n },\n Resources = new[]\n {\n exampleBucketV2.Arn,\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:{currentGetPartition.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:cloudtrail:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:trail/example\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"AWSCloudTrailWrite\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"cloudtrail.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"s3:PutObject\",\n },\n Resources = new[]\n {\n $\"{exampleBucketV2.Arn}/prefix/AWSLogs/{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}/*\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"s3:x-amz-acl\",\n Values = new[]\n {\n \"bucket-owner-full-control\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:{currentGetPartition.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:cloudtrail:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:trail/example\",\n },\n },\n },\n },\n },\n });\n\n var exampleBucketPolicy = new Aws.S3.BucketPolicy(\"example\", new()\n {\n Bucket = exampleBucketV2.Id,\n Policy = example.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var exampleTrail = new Aws.CloudTrail.Trail(\"example\", new()\n {\n Name = \"example\",\n S3BucketName = exampleBucketV2.Id,\n S3KeyPrefix = \"prefix\",\n IncludeGlobalServiceEvents = false,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n exampleBucketPolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucketV2, err := s3.NewBucketV2(ctx, \"example\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"my-test-trail\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, \u0026aws.GetCallerIdentityArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetPartition, err := aws.GetPartition(ctx, \u0026aws.GetPartitionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, \u0026aws.GetRegionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tSid: pulumi.String(\"AWSCloudTrailAclCheck\"),\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"cloudtrail.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:GetBucketAcl\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texampleBucketV2.Arn,\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"arn:%v:cloudtrail:%v:%v:trail/example\", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tSid: pulumi.String(\"AWSCloudTrailWrite\"),\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"cloudtrail.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:PutObject\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texampleBucketV2.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/prefix/AWSLogs/%v/*\", arn, current.AccountId), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: iam.GetPolicyDocumentStatementConditionArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"s3:x-amz-acl\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"bucket-owner-full-control\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementConditionArgs{\n\t\t\t\t\t\t\tTest: pulumi.String(\"StringEquals\"),\n\t\t\t\t\t\t\tVariable: pulumi.String(\"aws:SourceArn\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"arn:%v:cloudtrail:%v:%v:trail/example\", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\texampleBucketPolicy, err := s3.NewBucketPolicy(ctx, \"example\", \u0026s3.BucketPolicyArgs{\n\t\t\tBucket: exampleBucketV2.ID(),\n\t\t\tPolicy: pulumi.String(example.ApplyT(func(example iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026example.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tS3BucketName: exampleBucketV2.ID(),\n\t\t\tS3KeyPrefix: pulumi.String(\"prefix\"),\n\t\t\tIncludeGlobalServiceEvents: pulumi.Bool(false),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleBucketPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.s3.BucketPolicy;\nimport com.pulumi.aws.s3.BucketPolicyArgs;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleBucketV2 = new BucketV2(\"exampleBucketV2\", BucketV2Args.builder()\n .bucket(\"my-test-trail\")\n .forceDestroy(true)\n .build());\n\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetPartition = AwsFunctions.getPartition();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n final var example = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .sid(\"AWSCloudTrailAclCheck\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"cloudtrail.amazonaws.com\")\n .build())\n .actions(\"s3:GetBucketAcl\")\n .resources(exampleBucketV2.arn())\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:%s:cloudtrail:%s:%s:trail/example\", currentGetPartition.applyValue(getPartitionResult -\u003e getPartitionResult.partition()),currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .sid(\"AWSCloudTrailWrite\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"cloudtrail.amazonaws.com\")\n .build())\n .actions(\"s3:PutObject\")\n .resources(exampleBucketV2.arn().applyValue(arn -\u003e String.format(\"%s/prefix/AWSLogs/%s/*\", arn,current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId()))))\n .conditions( \n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"s3:x-amz-acl\")\n .values(\"bucket-owner-full-control\")\n .build(),\n GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:%s:cloudtrail:%s:%s:trail/example\", currentGetPartition.applyValue(getPartitionResult -\u003e getPartitionResult.partition()),currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .build())\n .build())\n .build());\n\n var exampleBucketPolicy = new BucketPolicy(\"exampleBucketPolicy\", BucketPolicyArgs.builder()\n .bucket(exampleBucketV2.id())\n .policy(example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult).applyValue(example -\u003e example.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json())))\n .build());\n\n var exampleTrail = new Trail(\"exampleTrail\", TrailArgs.builder()\n .name(\"example\")\n .s3BucketName(exampleBucketV2.id())\n .s3KeyPrefix(\"prefix\")\n .includeGlobalServiceEvents(false)\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleBucketPolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleTrail:\n type: aws:cloudtrail:Trail\n name: example\n properties:\n name: example\n s3BucketName: ${exampleBucketV2.id}\n s3KeyPrefix: prefix\n includeGlobalServiceEvents: false\n options:\n dependsOn:\n - ${exampleBucketPolicy}\n exampleBucketV2:\n type: aws:s3:BucketV2\n name: example\n properties:\n bucket: my-test-trail\n forceDestroy: true\n exampleBucketPolicy:\n type: aws:s3:BucketPolicy\n name: example\n properties:\n bucket: ${exampleBucketV2.id}\n policy: ${example.json}\nvariables:\n example:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - sid: AWSCloudTrailAclCheck\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - cloudtrail.amazonaws.com\n actions:\n - s3:GetBucketAcl\n resources:\n - ${exampleBucketV2.arn}\n conditions:\n - test: StringEquals\n variable: aws:SourceArn\n values:\n - arn:${currentGetPartition.partition}:cloudtrail:${currentGetRegion.name}:${current.accountId}:trail/example\n - sid: AWSCloudTrailWrite\n effect: Allow\n principals:\n - type: Service\n identifiers:\n - cloudtrail.amazonaws.com\n actions:\n - s3:PutObject\n resources:\n - ${exampleBucketV2.arn}/prefix/AWSLogs/${current.accountId}/*\n conditions:\n - test: StringEquals\n variable: s3:x-amz-acl\n values:\n - bucket-owner-full-control\n - test: StringEquals\n variable: aws:SourceArn\n values:\n - arn:${currentGetPartition.partition}:cloudtrail:${currentGetRegion.name}:${current.accountId}:trail/example\n current:\n fn::invoke:\n function: aws:getCallerIdentity\n arguments: {}\n currentGetPartition:\n fn::invoke:\n function: aws:getPartition\n arguments: {}\n currentGetRegion:\n fn::invoke:\n function: aws:getRegion\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Data Event Logging\n\nCloudTrail can log [Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) for certain services such as S3 objects and Lambda function invocations. Additional information about data event configuration can be found in the following links:\n\n* [CloudTrail API DataResource documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DataResource.html) (for basic event selector).\n* [CloudTrail API AdvancedFieldSelector documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html) (for advanced event selector).\n\n### Logging All Lambda Function Invocations By Using Basic Event Selectors\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudtrail.Trail(\"example\", {eventSelectors: [{\n readWriteType: \"All\",\n includeManagementEvents: true,\n dataResources: [{\n type: \"AWS::Lambda::Function\",\n values: [\"arn:aws:lambda\"],\n }],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudtrail.Trail(\"example\", event_selectors=[{\n \"read_write_type\": \"All\",\n \"include_management_events\": True,\n \"data_resources\": [{\n \"type\": \"AWS::Lambda::Function\",\n \"values\": [\"arn:aws:lambda\"],\n }],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudTrail.Trail(\"example\", new()\n {\n EventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorArgs\n {\n ReadWriteType = \"All\",\n IncludeManagementEvents = true,\n DataResources = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorDataResourceArgs\n {\n Type = \"AWS::Lambda::Function\",\n Values = new[]\n {\n \"arn:aws:lambda\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tEventSelectors: cloudtrail.TrailEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.TrailEventSelectorArgs{\n\t\t\t\t\tReadWriteType: pulumi.String(\"All\"),\n\t\t\t\t\tIncludeManagementEvents: pulumi.Bool(true),\n\t\t\t\t\tDataResources: cloudtrail.TrailEventSelectorDataResourceArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailEventSelectorDataResourceArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AWS::Lambda::Function\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"arn:aws:lambda\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Trail(\"example\", TrailArgs.builder()\n .eventSelectors(TrailEventSelectorArgs.builder()\n .readWriteType(\"All\")\n .includeManagementEvents(true)\n .dataResources(TrailEventSelectorDataResourceArgs.builder()\n .type(\"AWS::Lambda::Function\")\n .values(\"arn:aws:lambda\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:Trail\n properties:\n eventSelectors:\n - readWriteType: All\n includeManagementEvents: true\n dataResources:\n - type: AWS::Lambda::Function\n values:\n - arn:aws:lambda\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Logging All S3 Object Events By Using Basic Event Selectors\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudtrail.Trail(\"example\", {eventSelectors: [{\n readWriteType: \"All\",\n includeManagementEvents: true,\n dataResources: [{\n type: \"AWS::S3::Object\",\n values: [\"arn:aws:s3\"],\n }],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudtrail.Trail(\"example\", event_selectors=[{\n \"read_write_type\": \"All\",\n \"include_management_events\": True,\n \"data_resources\": [{\n \"type\": \"AWS::S3::Object\",\n \"values\": [\"arn:aws:s3\"],\n }],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudTrail.Trail(\"example\", new()\n {\n EventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorArgs\n {\n ReadWriteType = \"All\",\n IncludeManagementEvents = true,\n DataResources = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorDataResourceArgs\n {\n Type = \"AWS::S3::Object\",\n Values = new[]\n {\n \"arn:aws:s3\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tEventSelectors: cloudtrail.TrailEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.TrailEventSelectorArgs{\n\t\t\t\t\tReadWriteType: pulumi.String(\"All\"),\n\t\t\t\t\tIncludeManagementEvents: pulumi.Bool(true),\n\t\t\t\t\tDataResources: cloudtrail.TrailEventSelectorDataResourceArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailEventSelectorDataResourceArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"arn:aws:s3\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Trail(\"example\", TrailArgs.builder()\n .eventSelectors(TrailEventSelectorArgs.builder()\n .readWriteType(\"All\")\n .includeManagementEvents(true)\n .dataResources(TrailEventSelectorDataResourceArgs.builder()\n .type(\"AWS::S3::Object\")\n .values(\"arn:aws:s3\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:Trail\n properties:\n eventSelectors:\n - readWriteType: All\n includeManagementEvents: true\n dataResources:\n - type: AWS::S3::Object\n values:\n - arn:aws:s3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Logging Individual S3 Bucket Events By Using Basic Event Selectors\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst important_bucket = aws.s3.getBucket({\n bucket: \"important-bucket\",\n});\nconst example = new aws.cloudtrail.Trail(\"example\", {eventSelectors: [{\n readWriteType: \"All\",\n includeManagementEvents: true,\n dataResources: [{\n type: \"AWS::S3::Object\",\n values: [important_bucket.then(important_bucket =\u003e `${important_bucket.arn}/`)],\n }],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nimportant_bucket = aws.s3.get_bucket(bucket=\"important-bucket\")\nexample = aws.cloudtrail.Trail(\"example\", event_selectors=[{\n \"read_write_type\": \"All\",\n \"include_management_events\": True,\n \"data_resources\": [{\n \"type\": \"AWS::S3::Object\",\n \"values\": [f\"{important_bucket.arn}/\"],\n }],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var important_bucket = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"important-bucket\",\n });\n\n var example = new Aws.CloudTrail.Trail(\"example\", new()\n {\n EventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorArgs\n {\n ReadWriteType = \"All\",\n IncludeManagementEvents = true,\n DataResources = new[]\n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorDataResourceArgs\n {\n Type = \"AWS::S3::Object\",\n Values = new[]\n {\n important_bucket.Apply(important_bucket =\u003e $\"{important_bucket.Apply(getBucketResult =\u003e getBucketResult.Arn)}/\"),\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\timportant_bucket, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"important-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tEventSelectors: cloudtrail.TrailEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.TrailEventSelectorArgs{\n\t\t\t\t\tReadWriteType: pulumi.String(\"All\"),\n\t\t\t\t\tIncludeManagementEvents: pulumi.Bool(true),\n\t\t\t\t\tDataResources: cloudtrail.TrailEventSelectorDataResourceArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailEventSelectorDataResourceArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/\", important_bucket.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.aws.cloudtrail.inputs.TrailEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var important-bucket = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"important-bucket\")\n .build());\n\n var example = new Trail(\"example\", TrailArgs.builder()\n .eventSelectors(TrailEventSelectorArgs.builder()\n .readWriteType(\"All\")\n .includeManagementEvents(true)\n .dataResources(TrailEventSelectorDataResourceArgs.builder()\n .type(\"AWS::S3::Object\")\n .values(String.format(\"%s/\", important_bucket.arn()))\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:Trail\n properties:\n eventSelectors:\n - readWriteType: All\n includeManagementEvents: true\n dataResources:\n - type: AWS::S3::Object\n values:\n - ${[\"important-bucket\"].arn}/\nvariables:\n important-bucket:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: important-bucket\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Logging All S3 Object Events Except For Two S3 Buckets By Using Advanced Event Selectors\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst not_important_bucket_1 = aws.s3.getBucket({\n bucket: \"not-important-bucket-1\",\n});\nconst not_important_bucket_2 = aws.s3.getBucket({\n bucket: \"not-important-bucket-2\",\n});\nconst example = new aws.cloudtrail.Trail(\"example\", {advancedEventSelectors: [\n {\n name: \"Log all S3 objects events except for two S3 buckets\",\n fieldSelectors: [\n {\n field: \"eventCategory\",\n equals: [\"Data\"],\n },\n {\n field: \"resources.ARN\",\n notStartsWiths: [\n not_important_bucket_1.then(not_important_bucket_1 =\u003e `${not_important_bucket_1.arn}/`),\n not_important_bucket_2.then(not_important_bucket_2 =\u003e `${not_important_bucket_2.arn}/`),\n ],\n },\n {\n field: \"resources.type\",\n equals: [\"AWS::S3::Object\"],\n },\n ],\n },\n {\n name: \"Log readOnly and writeOnly management events\",\n fieldSelectors: [{\n field: \"eventCategory\",\n equals: [\"Management\"],\n }],\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nnot_important_bucket_1 = aws.s3.get_bucket(bucket=\"not-important-bucket-1\")\nnot_important_bucket_2 = aws.s3.get_bucket(bucket=\"not-important-bucket-2\")\nexample = aws.cloudtrail.Trail(\"example\", advanced_event_selectors=[\n {\n \"name\": \"Log all S3 objects events except for two S3 buckets\",\n \"field_selectors\": [\n {\n \"field\": \"eventCategory\",\n \"equals\": [\"Data\"],\n },\n {\n \"field\": \"resources.ARN\",\n \"not_starts_withs\": [\n f\"{not_important_bucket_1.arn}/\",\n f\"{not_important_bucket_2.arn}/\",\n ],\n },\n {\n \"field\": \"resources.type\",\n \"equals\": [\"AWS::S3::Object\"],\n },\n ],\n },\n {\n \"name\": \"Log readOnly and writeOnly management events\",\n \"field_selectors\": [{\n \"field\": \"eventCategory\",\n \"equals\": [\"Management\"],\n }],\n },\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var not_important_bucket_1 = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"not-important-bucket-1\",\n });\n\n var not_important_bucket_2 = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"not-important-bucket-2\",\n });\n\n var example = new Aws.CloudTrail.Trail(\"example\", new()\n {\n AdvancedEventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorArgs\n {\n Name = \"Log all S3 objects events except for two S3 buckets\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Data\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.ARN\",\n NotStartsWiths = new[]\n {\n not_important_bucket_1.Apply(not_important_bucket_1 =\u003e $\"{not_important_bucket_1.Apply(getBucketResult =\u003e getBucketResult.Arn)}/\"),\n not_important_bucket_2.Apply(not_important_bucket_2 =\u003e $\"{not_important_bucket_2.Apply(getBucketResult =\u003e getBucketResult.Arn)}/\"),\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.type\",\n Equals = new[]\n {\n \"AWS::S3::Object\",\n },\n },\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorArgs\n {\n Name = \"Log readOnly and writeOnly management events\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Management\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnot_important_bucket_1, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"not-important-bucket-1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnot_important_bucket_2, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"not-important-bucket-2\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tAdvancedEventSelectors: cloudtrail.TrailAdvancedEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log all S3 objects events except for two S3 buckets\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.TrailAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Data\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.ARN\"),\n\t\t\t\t\t\t\tNotStartsWiths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/\", not_important_bucket_1.Arn),\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/\", not_important_bucket_2.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.type\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log readOnly and writeOnly management events\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.TrailAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Management\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.aws.cloudtrail.inputs.TrailAdvancedEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var not-important-bucket-1 = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"not-important-bucket-1\")\n .build());\n\n final var not-important-bucket-2 = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"not-important-bucket-2\")\n .build());\n\n var example = new Trail(\"example\", TrailArgs.builder()\n .advancedEventSelectors( \n TrailAdvancedEventSelectorArgs.builder()\n .name(\"Log all S3 objects events except for two S3 buckets\")\n .fieldSelectors( \n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Data\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.ARN\")\n .notStartsWiths( \n String.format(\"%s/\", not_important_bucket_1.arn()),\n String.format(\"%s/\", not_important_bucket_2.arn()))\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.type\")\n .equals(\"AWS::S3::Object\")\n .build())\n .build(),\n TrailAdvancedEventSelectorArgs.builder()\n .name(\"Log readOnly and writeOnly management events\")\n .fieldSelectors(TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Management\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:Trail\n properties:\n advancedEventSelectors:\n - name: Log all S3 objects events except for two S3 buckets\n fieldSelectors:\n - field: eventCategory\n equals:\n - Data\n - field: resources.ARN\n notStartsWiths:\n - ${[\"not-important-bucket-1\"].arn}/\n - ${[\"not-important-bucket-2\"].arn}/\n - field: resources.type\n equals:\n - AWS::S3::Object\n - name: Log readOnly and writeOnly management events\n fieldSelectors:\n - field: eventCategory\n equals:\n - Management\nvariables:\n not-important-bucket-1:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: not-important-bucket-1\n not-important-bucket-2:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: not-important-bucket-2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Logging Individual S3 Buckets And Specific Event Names By Using Advanced Event Selectors\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst important_bucket_1 = aws.s3.getBucket({\n bucket: \"important-bucket-1\",\n});\nconst important_bucket_2 = aws.s3.getBucket({\n bucket: \"important-bucket-2\",\n});\nconst important_bucket_3 = aws.s3.getBucket({\n bucket: \"important-bucket-3\",\n});\nconst example = new aws.cloudtrail.Trail(\"example\", {advancedEventSelectors: [\n {\n name: \"Log PutObject and DeleteObject events for two S3 buckets\",\n fieldSelectors: [\n {\n field: \"eventCategory\",\n equals: [\"Data\"],\n },\n {\n field: \"eventName\",\n equals: [\n \"PutObject\",\n \"DeleteObject\",\n ],\n },\n {\n field: \"resources.ARN\",\n startsWiths: [\n important_bucket_1.then(important_bucket_1 =\u003e `${important_bucket_1.arn}/`),\n important_bucket_2.then(important_bucket_2 =\u003e `${important_bucket_2.arn}/`),\n ],\n },\n {\n field: \"readOnly\",\n equals: [\"false\"],\n },\n {\n field: \"resources.type\",\n equals: [\"AWS::S3::Object\"],\n },\n ],\n },\n {\n name: \"Log Delete* events for one S3 bucket\",\n fieldSelectors: [\n {\n field: \"eventCategory\",\n equals: [\"Data\"],\n },\n {\n field: \"eventName\",\n startsWiths: [\"Delete\"],\n },\n {\n field: \"resources.ARN\",\n equals: [important_bucket_3.then(important_bucket_3 =\u003e `${important_bucket_3.arn}/important-prefix`)],\n },\n {\n field: \"readOnly\",\n equals: [\"false\"],\n },\n {\n field: \"resources.type\",\n equals: [\"AWS::S3::Object\"],\n },\n ],\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nimportant_bucket_1 = aws.s3.get_bucket(bucket=\"important-bucket-1\")\nimportant_bucket_2 = aws.s3.get_bucket(bucket=\"important-bucket-2\")\nimportant_bucket_3 = aws.s3.get_bucket(bucket=\"important-bucket-3\")\nexample = aws.cloudtrail.Trail(\"example\", advanced_event_selectors=[\n {\n \"name\": \"Log PutObject and DeleteObject events for two S3 buckets\",\n \"field_selectors\": [\n {\n \"field\": \"eventCategory\",\n \"equals\": [\"Data\"],\n },\n {\n \"field\": \"eventName\",\n \"equals\": [\n \"PutObject\",\n \"DeleteObject\",\n ],\n },\n {\n \"field\": \"resources.ARN\",\n \"starts_withs\": [\n f\"{important_bucket_1.arn}/\",\n f\"{important_bucket_2.arn}/\",\n ],\n },\n {\n \"field\": \"readOnly\",\n \"equals\": [\"false\"],\n },\n {\n \"field\": \"resources.type\",\n \"equals\": [\"AWS::S3::Object\"],\n },\n ],\n },\n {\n \"name\": \"Log Delete* events for one S3 bucket\",\n \"field_selectors\": [\n {\n \"field\": \"eventCategory\",\n \"equals\": [\"Data\"],\n },\n {\n \"field\": \"eventName\",\n \"starts_withs\": [\"Delete\"],\n },\n {\n \"field\": \"resources.ARN\",\n \"equals\": [f\"{important_bucket_3.arn}/important-prefix\"],\n },\n {\n \"field\": \"readOnly\",\n \"equals\": [\"false\"],\n },\n {\n \"field\": \"resources.type\",\n \"equals\": [\"AWS::S3::Object\"],\n },\n ],\n },\n])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var important_bucket_1 = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"important-bucket-1\",\n });\n\n var important_bucket_2 = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"important-bucket-2\",\n });\n\n var important_bucket_3 = Aws.S3.GetBucket.Invoke(new()\n {\n Bucket = \"important-bucket-3\",\n });\n\n var example = new Aws.CloudTrail.Trail(\"example\", new()\n {\n AdvancedEventSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorArgs\n {\n Name = \"Log PutObject and DeleteObject events for two S3 buckets\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Data\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventName\",\n Equals = new[]\n {\n \"PutObject\",\n \"DeleteObject\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.ARN\",\n StartsWiths = new[]\n {\n important_bucket_1.Apply(important_bucket_1 =\u003e $\"{important_bucket_1.Apply(getBucketResult =\u003e getBucketResult.Arn)}/\"),\n important_bucket_2.Apply(important_bucket_2 =\u003e $\"{important_bucket_2.Apply(getBucketResult =\u003e getBucketResult.Arn)}/\"),\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"readOnly\",\n Equals = new[]\n {\n \"false\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.type\",\n Equals = new[]\n {\n \"AWS::S3::Object\",\n },\n },\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorArgs\n {\n Name = \"Log Delete* events for one S3 bucket\",\n FieldSelectors = new[]\n {\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventCategory\",\n Equals = new[]\n {\n \"Data\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"eventName\",\n StartsWiths = new[]\n {\n \"Delete\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.ARN\",\n Equals = new[]\n {\n important_bucket_3.Apply(important_bucket_3 =\u003e $\"{important_bucket_3.Apply(getBucketResult =\u003e getBucketResult.Arn)}/important-prefix\"),\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"readOnly\",\n Equals = new[]\n {\n \"false\",\n },\n },\n new Aws.CloudTrail.Inputs.TrailAdvancedEventSelectorFieldSelectorArgs\n {\n Field = \"resources.type\",\n Equals = new[]\n {\n \"AWS::S3::Object\",\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\timportant_bucket_1, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"important-bucket-1\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\timportant_bucket_2, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"important-bucket-2\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\timportant_bucket_3, err := s3.LookupBucket(ctx, \u0026s3.LookupBucketArgs{\n\t\t\tBucket: \"important-bucket-3\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tAdvancedEventSelectors: cloudtrail.TrailAdvancedEventSelectorArray{\n\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log PutObject and DeleteObject events for two S3 buckets\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.TrailAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Data\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventName\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"PutObject\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"DeleteObject\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.ARN\"),\n\t\t\t\t\t\t\tStartsWiths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/\", important_bucket_1.Arn),\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/\", important_bucket_2.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"readOnly\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"false\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.type\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorArgs{\n\t\t\t\t\tName: pulumi.String(\"Log Delete* events for one S3 bucket\"),\n\t\t\t\t\tFieldSelectors: cloudtrail.TrailAdvancedEventSelectorFieldSelectorArray{\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventCategory\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Data\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"eventName\"),\n\t\t\t\t\t\t\tStartsWiths: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Delete\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.ARN\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Sprintf(\"%v/important-prefix\", important_bucket_3.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"readOnly\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"false\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026cloudtrail.TrailAdvancedEventSelectorFieldSelectorArgs{\n\t\t\t\t\t\t\tField: pulumi.String(\"resources.type\"),\n\t\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.S3Functions;\nimport com.pulumi.aws.s3.inputs.GetBucketArgs;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport com.pulumi.aws.cloudtrail.inputs.TrailAdvancedEventSelectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var important-bucket-1 = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"important-bucket-1\")\n .build());\n\n final var important-bucket-2 = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"important-bucket-2\")\n .build());\n\n final var important-bucket-3 = S3Functions.getBucket(GetBucketArgs.builder()\n .bucket(\"important-bucket-3\")\n .build());\n\n var example = new Trail(\"example\", TrailArgs.builder()\n .advancedEventSelectors( \n TrailAdvancedEventSelectorArgs.builder()\n .name(\"Log PutObject and DeleteObject events for two S3 buckets\")\n .fieldSelectors( \n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Data\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventName\")\n .equals( \n \"PutObject\",\n \"DeleteObject\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.ARN\")\n .startsWiths( \n String.format(\"%s/\", important_bucket_1.arn()),\n String.format(\"%s/\", important_bucket_2.arn()))\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"readOnly\")\n .equals(\"false\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.type\")\n .equals(\"AWS::S3::Object\")\n .build())\n .build(),\n TrailAdvancedEventSelectorArgs.builder()\n .name(\"Log Delete* events for one S3 bucket\")\n .fieldSelectors( \n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventCategory\")\n .equals(\"Data\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"eventName\")\n .startsWiths(\"Delete\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.ARN\")\n .equals(String.format(\"%s/important-prefix\", important_bucket_3.arn()))\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"readOnly\")\n .equals(\"false\")\n .build(),\n TrailAdvancedEventSelectorFieldSelectorArgs.builder()\n .field(\"resources.type\")\n .equals(\"AWS::S3::Object\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudtrail:Trail\n properties:\n advancedEventSelectors:\n - name: Log PutObject and DeleteObject events for two S3 buckets\n fieldSelectors:\n - field: eventCategory\n equals:\n - Data\n - field: eventName\n equals:\n - PutObject\n - DeleteObject\n - field: resources.ARN\n startsWiths:\n - ${[\"important-bucket-1\"].arn}/\n - ${[\"important-bucket-2\"].arn}/\n - field: readOnly\n equals:\n - 'false'\n - field: resources.type\n equals:\n - AWS::S3::Object\n - name: Log Delete* events for one S3 bucket\n fieldSelectors:\n - field: eventCategory\n equals:\n - Data\n - field: eventName\n startsWiths:\n - Delete\n - field: resources.ARN\n equals:\n - ${[\"important-bucket-3\"].arn}/important-prefix\n - field: readOnly\n equals:\n - 'false'\n - field: resources.type\n equals:\n - AWS::S3::Object\nvariables:\n important-bucket-1:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: important-bucket-1\n important-bucket-2:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: important-bucket-2\n important-bucket-3:\n fn::invoke:\n function: aws:s3:getBucket\n arguments:\n bucket: important-bucket-3\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Sending Events to CloudWatch Logs\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudwatch.LogGroup(\"example\", {name: \"Example\"});\nconst exampleTrail = new aws.cloudtrail.Trail(\"example\", {cloudWatchLogsGroupArn: pulumi.interpolate`${example.arn}:*`});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.LogGroup(\"example\", name=\"Example\")\nexample_trail = aws.cloudtrail.Trail(\"example\", cloud_watch_logs_group_arn=example.arn.apply(lambda arn: f\"{arn}:*\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = \"Example\",\n });\n\n var exampleTrail = new Aws.CloudTrail.Trail(\"example\", new()\n {\n CloudWatchLogsGroupArn = example.Arn.Apply(arn =\u003e $\"{arn}:*\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.String(\"Example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", \u0026cloudtrail.TrailArgs{\n\t\t\tCloudWatchLogsGroupArn: example.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v:*\", arn), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.cloudtrail.Trail;\nimport com.pulumi.aws.cloudtrail.TrailArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LogGroup(\"example\", LogGroupArgs.builder()\n .name(\"Example\")\n .build());\n\n var exampleTrail = new Trail(\"exampleTrail\", TrailArgs.builder()\n .cloudWatchLogsGroupArn(example.arn().applyValue(arn -\u003e String.format(\"%s:*\", arn)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n name: Example\n exampleTrail:\n type: aws:cloudtrail:Trail\n name: example\n properties:\n cloudWatchLogsGroupArn: ${example.arn}:*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Cloudtrails using the `arn`. For example:\n\n```sh\n$ pulumi import aws:cloudtrail/trail:Trail sample arn:aws:cloudtrail:us-east-1:123456789012:trail/my-sample-trail\n```\n", "properties": { "advancedEventSelectors": { "type": "array", @@ -207485,7 +207485,7 @@ } }, "aws:cloudwatch/logResourcePolicy:LogResourcePolicy": { - "description": "Provides a resource to manage a CloudWatch log resource policy.\n\n## Example Usage\n\n### Elasticsearch Log Publishing\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst elasticsearch-log-publishing-policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n ],\n resources: [\"arn:aws:logs:*\"],\n principals: [{\n identifiers: [\"es.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst elasticsearch_log_publishing_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\", {\n policyDocument: elasticsearch_log_publishing_policy.then(elasticsearch_log_publishing_policy =\u003e elasticsearch_log_publishing_policy.json),\n policyName: \"elasticsearch-log-publishing-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nelasticsearch_log_publishing_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n ],\n \"resources\": [\"arn:aws:logs:*\"],\n \"principals\": [{\n \"identifiers\": [\"es.amazonaws.com\"],\n \"type\": \"Service\",\n }],\n}])\nelasticsearch_log_publishing_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\",\n policy_document=elasticsearch_log_publishing_policy.json,\n policy_name=\"elasticsearch-log-publishing-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var elasticsearch_log_publishing_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var elasticsearch_log_publishing_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\", new()\n {\n PolicyDocument = elasticsearch_log_publishing_policy.Apply(elasticsearch_log_publishing_policy =\u003e elasticsearch_log_publishing_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"elasticsearch-log-publishing-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\telasticsearch_log_publishing_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"elasticsearch-log-publishing-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(elasticsearch_log_publishing_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"elasticsearch-log-publishing-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var elasticsearch-log-publishing-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\")\n .resources(\"arn:aws:logs:*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"es.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var elasticsearch_log_publishing_policyLogResourcePolicy = new LogResourcePolicy(\"elasticsearch-log-publishing-policyLogResourcePolicy\", LogResourcePolicyArgs.builder()\n .policyDocument(elasticsearch_log_publishing_policy.json())\n .policyName(\"elasticsearch-log-publishing-policy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n elasticsearch-log-publishing-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: elasticsearch-log-publishing-policy\n properties:\n policyDocument: ${[\"elasticsearch-log-publishing-policy\"].json}\n policyName: elasticsearch-log-publishing-policy\nvariables:\n elasticsearch-log-publishing-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n resources:\n - arn:aws:logs:*\n principals:\n - identifiers:\n - es.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Route53 Query Logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst route53-query-logging-policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\", {\n policyDocument: route53_query_logging_policy.then(route53_query_logging_policy =\u003e route53_query_logging_policy.json),\n policyName: \"route53-query-logging-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nroute53_query_logging_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n \"resources\": [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n \"principals\": [{\n \"identifiers\": [\"route53.amazonaws.com\"],\n \"type\": \"Service\",\n }],\n}])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\",\n policy_document=route53_query_logging_policy.json,\n policy_name=\"route53-query-logging-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var route53_query_logging_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policy\", new()\n {\n PolicyDocument = route53_query_logging_policy.Apply(route53_query_logging_policy =\u003e route53_query_logging_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"route53-query-logging-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troute53_query_logging_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53-query-logging-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(route53_query_logging_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var route53-query-logging-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:log-group:/aws/route53/*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"route53.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", LogResourcePolicyArgs.builder()\n .policyDocument(route53_query_logging_policy.json())\n .policyName(\"route53-query-logging-policy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n route53-query-logging-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: route53-query-logging-policy\n properties:\n policyDocument: ${[\"route53-query-logging-policy\"].json}\n policyName: route53-query-logging-policy\nvariables:\n route53-query-logging-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:log-group:/aws/route53/*\n principals:\n - identifiers:\n - route53.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CloudWatch log resource policies using the policy name. For example:\n\n```sh\n$ pulumi import aws:cloudwatch/logResourcePolicy:LogResourcePolicy MyPolicy MyPolicy\n```\n", + "description": "Provides a resource to manage a CloudWatch log resource policy.\n\n## Example Usage\n\n### Elasticsearch Log Publishing\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst elasticsearch_log_publishing_policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n ],\n resources: [\"arn:aws:logs:*\"],\n principals: [{\n identifiers: [\"es.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst elasticsearch_log_publishing_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\", {\n policyDocument: elasticsearch_log_publishing_policy.then(elasticsearch_log_publishing_policy =\u003e elasticsearch_log_publishing_policy.json),\n policyName: \"elasticsearch-log-publishing-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nelasticsearch_log_publishing_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n ],\n \"resources\": [\"arn:aws:logs:*\"],\n \"principals\": [{\n \"identifiers\": [\"es.amazonaws.com\"],\n \"type\": \"Service\",\n }],\n}])\nelasticsearch_log_publishing_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\",\n policy_document=elasticsearch_log_publishing_policy.json,\n policy_name=\"elasticsearch-log-publishing-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var elasticsearch_log_publishing_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"es.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var elasticsearch_log_publishing_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"elasticsearch-log-publishing-policy\", new()\n {\n PolicyDocument = elasticsearch_log_publishing_policy.Apply(elasticsearch_log_publishing_policy =\u003e elasticsearch_log_publishing_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"elasticsearch-log-publishing-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\telasticsearch_log_publishing_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"elasticsearch-log-publishing-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(elasticsearch_log_publishing_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"elasticsearch-log-publishing-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var elasticsearch-log-publishing-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\")\n .resources(\"arn:aws:logs:*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"es.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var elasticsearch_log_publishing_policyLogResourcePolicy = new LogResourcePolicy(\"elasticsearch-log-publishing-policyLogResourcePolicy\", LogResourcePolicyArgs.builder()\n .policyDocument(elasticsearch_log_publishing_policy.json())\n .policyName(\"elasticsearch-log-publishing-policy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n elasticsearch-log-publishing-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: elasticsearch-log-publishing-policy\n properties:\n policyDocument: ${[\"elasticsearch-log-publishing-policy\"].json}\n policyName: elasticsearch-log-publishing-policy\nvariables:\n elasticsearch-log-publishing-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n - logs:PutLogEventsBatch\n resources:\n - arn:aws:logs:*\n principals:\n - identifiers:\n - es.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Route53 Query Logging\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst route53_query_logging_policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\", {\n policyDocument: route53_query_logging_policy.then(route53_query_logging_policy =\u003e route53_query_logging_policy.json),\n policyName: \"route53-query-logging-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nroute53_query_logging_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n \"resources\": [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n \"principals\": [{\n \"identifiers\": [\"route53.amazonaws.com\"],\n \"type\": \"Service\",\n }],\n}])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\",\n policy_document=route53_query_logging_policy.json,\n policy_name=\"route53-query-logging-policy\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var route53_query_logging_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policy\", new()\n {\n PolicyDocument = route53_query_logging_policy.Apply(route53_query_logging_policy =\u003e route53_query_logging_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"route53-query-logging-policy\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troute53_query_logging_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53-query-logging-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(route53_query_logging_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var route53-query-logging-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:log-group:/aws/route53/*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"route53.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", LogResourcePolicyArgs.builder()\n .policyDocument(route53_query_logging_policy.json())\n .policyName(\"route53-query-logging-policy\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n route53-query-logging-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: route53-query-logging-policy\n properties:\n policyDocument: ${[\"route53-query-logging-policy\"].json}\n policyName: route53-query-logging-policy\nvariables:\n route53-query-logging-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:log-group:/aws/route53/*\n principals:\n - identifiers:\n - route53.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import CloudWatch log resource policies using the policy name. For example:\n\n```sh\n$ pulumi import aws:cloudwatch/logResourcePolicy:LogResourcePolicy MyPolicy MyPolicy\n```\n", "properties": { "policyDocument": { "type": "string", @@ -228443,7 +228443,7 @@ } }, "aws:directoryservice/logService:LogService": { - "description": "Provides a Log subscription for AWS Directory Service that pushes logs to cloudwatch.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudwatch.LogGroup(\"example\", {\n name: `/aws/directoryservice/${exampleAwsDirectoryServiceDirectory.id}`,\n retentionInDays: 14,\n});\nconst ad-log-policy = aws.iam.getPolicyDocumentOutput({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n principals: [{\n identifiers: [\"ds.amazonaws.com\"],\n type: \"Service\",\n }],\n resources: [pulumi.interpolate`${example.arn}:*`],\n effect: \"Allow\",\n }],\n});\nconst ad_log_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"ad-log-policy\", {\n policyDocument: ad_log_policy.apply(ad_log_policy =\u003e ad_log_policy.json),\n policyName: \"ad-log-policy\",\n});\nconst exampleLogService = new aws.directoryservice.LogService(\"example\", {\n directoryId: exampleAwsDirectoryServiceDirectory.id,\n logGroupName: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.LogGroup(\"example\",\n name=f\"/aws/directoryservice/{example_aws_directory_service_directory['id']}\",\n retention_in_days=14)\nad_log_policy = aws.iam.get_policy_document_output(statements=[{\n \"actions\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n \"principals\": [{\n \"identifiers\": [\"ds.amazonaws.com\"],\n \"type\": \"Service\",\n }],\n \"resources\": [example.arn.apply(lambda arn: f\"{arn}:*\")],\n \"effect\": \"Allow\",\n}])\nad_log_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"ad-log-policy\",\n policy_document=ad_log_policy.json,\n policy_name=\"ad-log-policy\")\nexample_log_service = aws.directoryservice.LogService(\"example\",\n directory_id=example_aws_directory_service_directory[\"id\"],\n log_group_name=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = $\"/aws/directoryservice/{exampleAwsDirectoryServiceDirectory.Id}\",\n RetentionInDays = 14,\n });\n\n var ad_log_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"ds.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n Resources = new[]\n {\n $\"{example.Arn}:*\",\n },\n Effect = \"Allow\",\n },\n },\n });\n\n var ad_log_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"ad-log-policy\", new()\n {\n PolicyDocument = ad_log_policy.Apply(ad_log_policy =\u003e ad_log_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"ad-log-policy\",\n });\n\n var exampleLogService = new Aws.DirectoryService.LogService(\"example\", new()\n {\n DirectoryId = exampleAwsDirectoryServiceDirectory.Id,\n LogGroupName = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.Sprintf(\"/aws/directoryservice/%v\", exampleAwsDirectoryServiceDirectory.Id),\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tad_log_policy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"logs:CreateLogStream\"),\n\t\t\t\t\t\tpulumi.String(\"logs:PutLogEvents\"),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"ds.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texample.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"ad-log-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(ad_log_policy.ApplyT(func(ad_log_policy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026ad_log_policy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tPolicyName: pulumi.String(\"ad-log-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directoryservice.NewLogService(ctx, \"example\", \u0026directoryservice.LogServiceArgs{\n\t\t\tDirectoryId: pulumi.Any(exampleAwsDirectoryServiceDirectory.Id),\n\t\t\tLogGroupName: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.directoryservice.LogService;\nimport com.pulumi.aws.directoryservice.LogServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LogGroup(\"example\", LogGroupArgs.builder()\n .name(String.format(\"/aws/directoryservice/%s\", exampleAwsDirectoryServiceDirectory.id()))\n .retentionInDays(14)\n .build());\n\n final var ad-log-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"ds.amazonaws.com\")\n .type(\"Service\")\n .build())\n .resources(example.arn().applyValue(arn -\u003e String.format(\"%s:*\", arn)))\n .effect(\"Allow\")\n .build())\n .build());\n\n var ad_log_policyLogResourcePolicy = new LogResourcePolicy(\"ad-log-policyLogResourcePolicy\", LogResourcePolicyArgs.builder()\n .policyDocument(ad_log_policy.applyValue(ad_log_policy -\u003e ad_log_policy.json()))\n .policyName(\"ad-log-policy\")\n .build());\n\n var exampleLogService = new LogService(\"exampleLogService\", LogServiceArgs.builder()\n .directoryId(exampleAwsDirectoryServiceDirectory.id())\n .logGroupName(example.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n name: /aws/directoryservice/${exampleAwsDirectoryServiceDirectory.id}\n retentionInDays: 14\n ad-log-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: ad-log-policy\n properties:\n policyDocument: ${[\"ad-log-policy\"].json}\n policyName: ad-log-policy\n exampleLogService:\n type: aws:directoryservice:LogService\n name: example\n properties:\n directoryId: ${exampleAwsDirectoryServiceDirectory.id}\n logGroupName: ${example.name}\nvariables:\n ad-log-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n principals:\n - identifiers:\n - ds.amazonaws.com\n type: Service\n resources:\n - ${example.arn}:*\n effect: Allow\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Directory Service Log Subscriptions using the directory id. For example:\n\n```sh\n$ pulumi import aws:directoryservice/logService:LogService msad d-1234567890\n```\n", + "description": "Provides a Log subscription for AWS Directory Service that pushes logs to cloudwatch.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudwatch.LogGroup(\"example\", {\n name: `/aws/directoryservice/${exampleAwsDirectoryServiceDirectory.id}`,\n retentionInDays: 14,\n});\nconst ad_log_policy = aws.iam.getPolicyDocumentOutput({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n principals: [{\n identifiers: [\"ds.amazonaws.com\"],\n type: \"Service\",\n }],\n resources: [pulumi.interpolate`${example.arn}:*`],\n effect: \"Allow\",\n }],\n});\nconst ad_log_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"ad-log-policy\", {\n policyDocument: ad_log_policy.apply(ad_log_policy =\u003e ad_log_policy.json),\n policyName: \"ad-log-policy\",\n});\nconst exampleLogService = new aws.directoryservice.LogService(\"example\", {\n directoryId: exampleAwsDirectoryServiceDirectory.id,\n logGroupName: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.LogGroup(\"example\",\n name=f\"/aws/directoryservice/{example_aws_directory_service_directory['id']}\",\n retention_in_days=14)\nad_log_policy = aws.iam.get_policy_document_output(statements=[{\n \"actions\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n \"principals\": [{\n \"identifiers\": [\"ds.amazonaws.com\"],\n \"type\": \"Service\",\n }],\n \"resources\": [example.arn.apply(lambda arn: f\"{arn}:*\")],\n \"effect\": \"Allow\",\n}])\nad_log_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"ad-log-policy\",\n policy_document=ad_log_policy.json,\n policy_name=\"ad-log-policy\")\nexample_log_service = aws.directoryservice.LogService(\"example\",\n directory_id=example_aws_directory_service_directory[\"id\"],\n log_group_name=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.CloudWatch.LogGroup(\"example\", new()\n {\n Name = $\"/aws/directoryservice/{exampleAwsDirectoryServiceDirectory.Id}\",\n RetentionInDays = 14,\n });\n\n var ad_log_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"ds.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n Resources = new[]\n {\n $\"{example.Arn}:*\",\n },\n Effect = \"Allow\",\n },\n },\n });\n\n var ad_log_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"ad-log-policy\", new()\n {\n PolicyDocument = ad_log_policy.Apply(ad_log_policy =\u003e ad_log_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"ad-log-policy\",\n });\n\n var exampleLogService = new Aws.DirectoryService.LogService(\"example\", new()\n {\n DirectoryId = exampleAwsDirectoryServiceDirectory.Id,\n LogGroupName = example.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: pulumi.Sprintf(\"/aws/directoryservice/%v\", exampleAwsDirectoryServiceDirectory.Id),\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tad_log_policy := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"logs:CreateLogStream\"),\n\t\t\t\t\t\tpulumi.String(\"logs:PutLogEvents\"),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: iam.GetPolicyDocumentStatementPrincipalArray{\n\t\t\t\t\t\t\u0026iam.GetPolicyDocumentStatementPrincipalArgs{\n\t\t\t\t\t\t\tIdentifiers: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"ds.amazonaws.com\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: pulumi.String(\"Service\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\texample.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"ad-log-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(ad_log_policy.ApplyT(func(ad_log_policy iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026ad_log_policy.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t\tPolicyName: pulumi.String(\"ad-log-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directoryservice.NewLogService(ctx, \"example\", \u0026directoryservice.LogServiceArgs{\n\t\t\tDirectoryId: pulumi.Any(exampleAwsDirectoryServiceDirectory.Id),\n\t\t\tLogGroupName: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.directoryservice.LogService;\nimport com.pulumi.aws.directoryservice.LogServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new LogGroup(\"example\", LogGroupArgs.builder()\n .name(String.format(\"/aws/directoryservice/%s\", exampleAwsDirectoryServiceDirectory.id()))\n .retentionInDays(14)\n .build());\n\n final var ad-log-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"ds.amazonaws.com\")\n .type(\"Service\")\n .build())\n .resources(example.arn().applyValue(arn -\u003e String.format(\"%s:*\", arn)))\n .effect(\"Allow\")\n .build())\n .build());\n\n var ad_log_policyLogResourcePolicy = new LogResourcePolicy(\"ad-log-policyLogResourcePolicy\", LogResourcePolicyArgs.builder()\n .policyDocument(ad_log_policy.applyValue(ad_log_policy -\u003e ad_log_policy.json()))\n .policyName(\"ad-log-policy\")\n .build());\n\n var exampleLogService = new LogService(\"exampleLogService\", LogServiceArgs.builder()\n .directoryId(exampleAwsDirectoryServiceDirectory.id())\n .logGroupName(example.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:cloudwatch:LogGroup\n properties:\n name: /aws/directoryservice/${exampleAwsDirectoryServiceDirectory.id}\n retentionInDays: 14\n ad-log-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: ad-log-policy\n properties:\n policyDocument: ${[\"ad-log-policy\"].json}\n policyName: ad-log-policy\n exampleLogService:\n type: aws:directoryservice:LogService\n name: example\n properties:\n directoryId: ${exampleAwsDirectoryServiceDirectory.id}\n logGroupName: ${example.name}\nvariables:\n ad-log-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n principals:\n - identifiers:\n - ds.amazonaws.com\n type: Service\n resources:\n - ${example.arn}:*\n effect: Allow\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Directory Service Log Subscriptions using the directory id. For example:\n\n```sh\n$ pulumi import aws:directoryservice/logService:LogService msad d-1234567890\n```\n", "properties": { "directoryId": { "type": "string", @@ -228647,7 +228647,7 @@ } }, "aws:directoryservice/serviceRegion:ServiceRegion": { - "description": "Manages a replicated Region and directory for Multi-Region replication.\nMulti-Region replication is only supported for the Enterprise Edition of AWS Managed Microsoft AD.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst example = aws.getRegion({});\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst exampleVpc = new aws.ec2.Vpc(\"example\", {\n cidrBlock: \"10.0.0.0/16\",\n tags: {\n Name: \"Primary\",\n },\n});\nconst exampleSubnet: aws.ec2.Subnet[] = [];\nfor (const range = {value: 0}; range.value \u003c 2; range.value++) {\n exampleSubnet.push(new aws.ec2.Subnet(`example-${range.value}`, {\n vpcId: exampleVpc.id,\n availabilityZone: available.then(available =\u003e available.names[range.value]),\n cidrBlock: exampleVpc.cidrBlock.apply(cidrBlock =\u003e std.cidrsubnetOutput({\n input: cidrBlock,\n newbits: 8,\n netnum: range.value,\n })).apply(invoke =\u003e invoke.result),\n tags: {\n Name: \"Primary\",\n },\n }));\n}\nconst exampleDirectory = new aws.directoryservice.Directory(\"example\", {\n name: \"example.com\",\n password: \"SuperSecretPassw0rd\",\n type: \"MicrosoftAD\",\n vpcSettings: {\n vpcId: exampleVpc.id,\n subnetIds: exampleSubnet.map(__item =\u003e __item.id),\n },\n});\nconst available-secondary = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst example_secondary = new aws.ec2.Vpc(\"example-secondary\", {\n cidrBlock: \"10.1.0.0/16\",\n tags: {\n Name: \"Secondary\",\n },\n});\nconst example_secondarySubnet: aws.ec2.Subnet[] = [];\nfor (const range = {value: 0}; range.value \u003c 2; range.value++) {\n example_secondarySubnet.push(new aws.ec2.Subnet(`example-secondary-${range.value}`, {\n vpcId: example_secondary.id,\n availabilityZone: available_secondary.then(available_secondary =\u003e available_secondary.names[range.value]),\n cidrBlock: example_secondary.cidrBlock.apply(cidrBlock =\u003e std.cidrsubnetOutput({\n input: cidrBlock,\n newbits: 8,\n netnum: range.value,\n })).apply(invoke =\u003e invoke.result),\n tags: {\n Name: \"Secondary\",\n },\n }));\n}\nconst exampleServiceRegion = new aws.directoryservice.ServiceRegion(\"example\", {\n directoryId: exampleDirectory.id,\n regionName: example.then(example =\u003e example.name),\n vpcSettings: {\n vpcId: example_secondary.id,\n subnetIds: example_secondarySubnet.map(__item =\u003e __item.id),\n },\n tags: {\n Name: \"Secondary\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nexample = aws.get_region()\navailable = aws.get_availability_zones(state=\"available\",\n filters=[{\n \"name\": \"opt-in-status\",\n \"values\": [\"opt-in-not-required\"],\n }])\nexample_vpc = aws.ec2.Vpc(\"example\",\n cidr_block=\"10.0.0.0/16\",\n tags={\n \"Name\": \"Primary\",\n })\nexample_subnet = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n example_subnet.append(aws.ec2.Subnet(f\"example-{range['value']}\",\n vpc_id=example_vpc.id,\n availability_zone=available.names[range[\"value\"]],\n cidr_block=example_vpc.cidr_block.apply(lambda cidr_block: std.cidrsubnet_output(input=cidr_block,\n newbits=8,\n netnum=range[\"value\"])).apply(lambda invoke: invoke.result),\n tags={\n \"Name\": \"Primary\",\n }))\nexample_directory = aws.directoryservice.Directory(\"example\",\n name=\"example.com\",\n password=\"SuperSecretPassw0rd\",\n type=\"MicrosoftAD\",\n vpc_settings={\n \"vpc_id\": example_vpc.id,\n \"subnet_ids\": [__item.id for __item in example_subnet],\n })\navailable_secondary = aws.get_availability_zones(state=\"available\",\n filters=[{\n \"name\": \"opt-in-status\",\n \"values\": [\"opt-in-not-required\"],\n }])\nexample_secondary = aws.ec2.Vpc(\"example-secondary\",\n cidr_block=\"10.1.0.0/16\",\n tags={\n \"Name\": \"Secondary\",\n })\nexample_secondary_subnet = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n example_secondary_subnet.append(aws.ec2.Subnet(f\"example-secondary-{range['value']}\",\n vpc_id=example_secondary.id,\n availability_zone=available_secondary.names[range[\"value\"]],\n cidr_block=example_secondary.cidr_block.apply(lambda cidr_block: std.cidrsubnet_output(input=cidr_block,\n newbits=8,\n netnum=range[\"value\"])).apply(lambda invoke: invoke.result),\n tags={\n \"Name\": \"Secondary\",\n }))\nexample_service_region = aws.directoryservice.ServiceRegion(\"example\",\n directory_id=example_directory.id,\n region_name=example.name,\n vpc_settings={\n \"vpc_id\": example_secondary.id,\n \"subnet_ids\": [__item.id for __item in example_secondary_subnet],\n },\n tags={\n \"Name\": \"Secondary\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.GetRegion.Invoke();\n\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var exampleVpc = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n Tags = \n {\n { \"Name\", \"Primary\" },\n },\n });\n\n var exampleSubnet = new List\u003cAws.Ec2.Subnet\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n exampleSubnet.Add(new Aws.Ec2.Subnet($\"example-{range.Value}\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names)[range.Value],\n CidrBlock = exampleVpc.CidrBlock.Apply(cidrBlock =\u003e Std.Cidrsubnet.Invoke(new()\n {\n Input = cidrBlock,\n Newbits = 8,\n Netnum = range.Value,\n })).Apply(invoke =\u003e invoke.Result),\n Tags = \n {\n { \"Name\", \"Primary\" },\n },\n }));\n }\n var exampleDirectory = new Aws.DirectoryService.Directory(\"example\", new()\n {\n Name = \"example.com\",\n Password = \"SuperSecretPassw0rd\",\n Type = \"MicrosoftAD\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = exampleVpc.Id,\n SubnetIds = exampleSubnet.Select(__item =\u003e __item.Id).ToList(),\n },\n });\n\n var available_secondary = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var example_secondary = new Aws.Ec2.Vpc(\"example-secondary\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n });\n\n var example_secondarySubnet = new List\u003cAws.Ec2.Subnet\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n example_secondarySubnet.Add(new Aws.Ec2.Subnet($\"example-secondary-{range.Value}\", new()\n {\n VpcId = example_secondary.Id,\n AvailabilityZone = available_secondary.Apply(available_secondary =\u003e available_secondary.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names)[range.Value]),\n CidrBlock = example_secondary.CidrBlock.Apply(cidrBlock =\u003e Std.Cidrsubnet.Invoke(new()\n {\n Input = cidrBlock,\n Newbits = 8,\n Netnum = range.Value,\n })).Apply(invoke =\u003e invoke.Result),\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n }));\n }\n var exampleServiceRegion = new Aws.DirectoryService.ServiceRegion(\"example\", new()\n {\n DirectoryId = exampleDirectory.Id,\n RegionName = example.Apply(getRegionResult =\u003e getRegionResult.Name),\n VpcSettings = new Aws.DirectoryService.Inputs.ServiceRegionVpcSettingsArgs\n {\n VpcId = example_secondary.Id,\n SubnetIds = example_secondarySubnet.Select(__item =\u003e __item.Id).ToList(),\n },\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := aws.GetRegion(ctx, \u0026aws.GetRegionArgs{\n}, nil);\nif err != nil {\nreturn err\n}\navailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\nState: pulumi.StringRef(\"available\"),\nFilters: []aws.GetAvailabilityZonesFilter{\n{\nName: \"opt-in-status\",\nValues: []string{\n\"opt-in-not-required\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleVpc, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\nCidrBlock: pulumi.String(\"10.0.0.0/16\"),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Primary\"),\n},\n})\nif err != nil {\nreturn err\n}\nvar exampleSubnet []*ec2.Subnet\nfor index := 0; index \u003c 2; index++ {\n key0 := index\n val0 := index\n__res, err := ec2.NewSubnet(ctx, fmt.Sprintf(\"example-%v\", key0), \u0026ec2.SubnetArgs{\nVpcId: exampleVpc.ID(),\nAvailabilityZone: pulumi.String(available.Names[val0]),\nCidrBlock: pulumi.String(exampleVpc.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) {\nreturn std.CidrsubnetResult(interface{}(std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{\nInput: cidrBlock,\nNewbits: 8,\nNetnum: val0,\n}, nil))), nil\n}).(std.CidrsubnetResultOutput).ApplyT(func(invoke std.CidrsubnetResult) (*string, error) {\nreturn invoke.Result, nil\n}).(pulumi.StringPtrOutput)),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Primary\"),\n},\n})\nif err != nil {\nreturn err\n}\nexampleSubnet = append(exampleSubnet, __res)\n}\nexampleDirectory, err := directoryservice.NewDirectory(ctx, \"example\", \u0026directoryservice.DirectoryArgs{\nName: pulumi.String(\"example.com\"),\nPassword: pulumi.String(\"SuperSecretPassw0rd\"),\nType: pulumi.String(\"MicrosoftAD\"),\nVpcSettings: \u0026directoryservice.DirectoryVpcSettingsArgs{\nVpcId: exampleVpc.ID(),\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ example.pp:44,17-36),\n},\n})\nif err != nil {\nreturn err\n}\navailable_secondary, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\nState: pulumi.StringRef(\"available\"),\nFilters: []aws.GetAvailabilityZonesFilter{\n{\nName: \"opt-in-status\",\nValues: []string{\n\"opt-in-not-required\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = ec2.NewVpc(ctx, \"example-secondary\", \u0026ec2.VpcArgs{\nCidrBlock: pulumi.String(\"10.1.0.0/16\"),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nvar example_secondarySubnet []*ec2.Subnet\nfor index := 0; index \u003c 2; index++ {\n key0 := index\n val0 := index\n__res, err := ec2.NewSubnet(ctx, fmt.Sprintf(\"example-secondary-%v\", key0), \u0026ec2.SubnetArgs{\nVpcId: example_secondary.ID(),\nAvailabilityZone: pulumi.String(available_secondary.Names[val0]),\nCidrBlock: pulumi.String(example_secondary.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) {\nreturn std.CidrsubnetResult(interface{}(std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{\nInput: cidrBlock,\nNewbits: 8,\nNetnum: val0,\n}, nil))), nil\n}).(std.CidrsubnetResultOutput).ApplyT(func(invoke std.CidrsubnetResult) (*string, error) {\nreturn invoke.Result, nil\n}).(pulumi.StringPtrOutput)),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nexample_secondarySubnet = append(example_secondarySubnet, __res)\n}\n_, err = directoryservice.NewServiceRegion(ctx, \"example\", \u0026directoryservice.ServiceRegionArgs{\nDirectoryId: exampleDirectory.ID(),\nRegionName: pulumi.String(example.Name),\nVpcSettings: \u0026directoryservice.ServiceRegionVpcSettingsArgs{\nVpcId: example_secondary.ID(),\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ example.pp:87,17-46),\n},\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.directoryservice.Directory;\nimport com.pulumi.aws.directoryservice.DirectoryArgs;\nimport com.pulumi.aws.directoryservice.inputs.DirectoryVpcSettingsArgs;\nimport com.pulumi.aws.directoryservice.ServiceRegion;\nimport com.pulumi.aws.directoryservice.ServiceRegionArgs;\nimport com.pulumi.aws.directoryservice.inputs.ServiceRegionVpcSettingsArgs;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AwsFunctions.getRegion();\n\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var exampleVpc = new Vpc(\"exampleVpc\", VpcArgs.builder()\n .cidrBlock(\"10.0.0.0/16\")\n .tags(Map.of(\"Name\", \"Primary\"))\n .build());\n\n for (var i = 0; i \u003c 2; i++) {\n new Subnet(\"exampleSubnet-\" + i, SubnetArgs.builder()\n .vpcId(exampleVpc.id())\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names())[range.value()])\n .cidrBlock(exampleVpc.cidrBlock().applyValue(cidrBlock -\u003e StdFunctions.cidrsubnet()).applyValue(invoke -\u003e invoke.result()))\n .tags(Map.of(\"Name\", \"Primary\"))\n .build());\n\n \n}\n var exampleDirectory = new Directory(\"exampleDirectory\", DirectoryArgs.builder()\n .name(\"example.com\")\n .password(\"SuperSecretPassw0rd\")\n .type(\"MicrosoftAD\")\n .vpcSettings(DirectoryVpcSettingsArgs.builder()\n .vpcId(exampleVpc.id())\n .subnetIds(exampleSubnet.stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .build());\n\n final var available-secondary = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var example_secondary = new Vpc(\"example-secondary\", VpcArgs.builder()\n .cidrBlock(\"10.1.0.0/16\")\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n for (var i = 0; i \u003c 2; i++) {\n new Subnet(\"example-secondarySubnet-\" + i, SubnetArgs.builder()\n .vpcId(example_secondary.id())\n .availabilityZone(available_secondary.names()[range.value()])\n .cidrBlock(example_secondary.cidrBlock().applyValue(cidrBlock -\u003e StdFunctions.cidrsubnet()).applyValue(invoke -\u003e invoke.result()))\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n \n}\n var exampleServiceRegion = new ServiceRegion(\"exampleServiceRegion\", ServiceRegionArgs.builder()\n .directoryId(exampleDirectory.id())\n .regionName(example.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .vpcSettings(ServiceRegionVpcSettingsArgs.builder()\n .vpcId(example_secondary.id())\n .subnetIds(example_secondarySubnet.stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Replicated Regions using directory ID,Region name. For example:\n\n```sh\n$ pulumi import aws:directoryservice/serviceRegion:ServiceRegion example d-9267651497,us-east-2\n```\n", + "description": "Manages a replicated Region and directory for Multi-Region replication.\nMulti-Region replication is only supported for the Enterprise Edition of AWS Managed Microsoft AD.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as std from \"@pulumi/std\";\n\nconst example = aws.getRegion({});\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst exampleVpc = new aws.ec2.Vpc(\"example\", {\n cidrBlock: \"10.0.0.0/16\",\n tags: {\n Name: \"Primary\",\n },\n});\nconst exampleSubnet: aws.ec2.Subnet[] = [];\nfor (const range = {value: 0}; range.value \u003c 2; range.value++) {\n exampleSubnet.push(new aws.ec2.Subnet(`example-${range.value}`, {\n vpcId: exampleVpc.id,\n availabilityZone: available.then(available =\u003e available.names[range.value]),\n cidrBlock: exampleVpc.cidrBlock.apply(cidrBlock =\u003e std.cidrsubnetOutput({\n input: cidrBlock,\n newbits: 8,\n netnum: range.value,\n })).apply(invoke =\u003e invoke.result),\n tags: {\n Name: \"Primary\",\n },\n }));\n}\nconst exampleDirectory = new aws.directoryservice.Directory(\"example\", {\n name: \"example.com\",\n password: \"SuperSecretPassw0rd\",\n type: \"MicrosoftAD\",\n vpcSettings: {\n vpcId: exampleVpc.id,\n subnetIds: exampleSubnet.map(__item =\u003e __item.id),\n },\n});\nconst available_secondary = aws.getAvailabilityZones({\n state: \"available\",\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n});\nconst example_secondary = new aws.ec2.Vpc(\"example-secondary\", {\n cidrBlock: \"10.1.0.0/16\",\n tags: {\n Name: \"Secondary\",\n },\n});\nconst example_secondarySubnet: aws.ec2.Subnet[] = [];\nfor (const range = {value: 0}; range.value \u003c 2; range.value++) {\n example_secondarySubnet.push(new aws.ec2.Subnet(`example-secondary-${range.value}`, {\n vpcId: example_secondary.id,\n availabilityZone: available_secondary.then(available_secondary =\u003e available_secondary.names[range.value]),\n cidrBlock: example_secondary.cidrBlock.apply(cidrBlock =\u003e std.cidrsubnetOutput({\n input: cidrBlock,\n newbits: 8,\n netnum: range.value,\n })).apply(invoke =\u003e invoke.result),\n tags: {\n Name: \"Secondary\",\n },\n }));\n}\nconst exampleServiceRegion = new aws.directoryservice.ServiceRegion(\"example\", {\n directoryId: exampleDirectory.id,\n regionName: example.then(example =\u003e example.name),\n vpcSettings: {\n vpcId: example_secondary.id,\n subnetIds: example_secondarySubnet.map(__item =\u003e __item.id),\n },\n tags: {\n Name: \"Secondary\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_std as std\n\nexample = aws.get_region()\navailable = aws.get_availability_zones(state=\"available\",\n filters=[{\n \"name\": \"opt-in-status\",\n \"values\": [\"opt-in-not-required\"],\n }])\nexample_vpc = aws.ec2.Vpc(\"example\",\n cidr_block=\"10.0.0.0/16\",\n tags={\n \"Name\": \"Primary\",\n })\nexample_subnet = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n example_subnet.append(aws.ec2.Subnet(f\"example-{range['value']}\",\n vpc_id=example_vpc.id,\n availability_zone=available.names[range[\"value\"]],\n cidr_block=example_vpc.cidr_block.apply(lambda cidr_block: std.cidrsubnet_output(input=cidr_block,\n newbits=8,\n netnum=range[\"value\"])).apply(lambda invoke: invoke.result),\n tags={\n \"Name\": \"Primary\",\n }))\nexample_directory = aws.directoryservice.Directory(\"example\",\n name=\"example.com\",\n password=\"SuperSecretPassw0rd\",\n type=\"MicrosoftAD\",\n vpc_settings={\n \"vpc_id\": example_vpc.id,\n \"subnet_ids\": [__item.id for __item in example_subnet],\n })\navailable_secondary = aws.get_availability_zones(state=\"available\",\n filters=[{\n \"name\": \"opt-in-status\",\n \"values\": [\"opt-in-not-required\"],\n }])\nexample_secondary = aws.ec2.Vpc(\"example-secondary\",\n cidr_block=\"10.1.0.0/16\",\n tags={\n \"Name\": \"Secondary\",\n })\nexample_secondary_subnet = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n example_secondary_subnet.append(aws.ec2.Subnet(f\"example-secondary-{range['value']}\",\n vpc_id=example_secondary.id,\n availability_zone=available_secondary.names[range[\"value\"]],\n cidr_block=example_secondary.cidr_block.apply(lambda cidr_block: std.cidrsubnet_output(input=cidr_block,\n newbits=8,\n netnum=range[\"value\"])).apply(lambda invoke: invoke.result),\n tags={\n \"Name\": \"Secondary\",\n }))\nexample_service_region = aws.directoryservice.ServiceRegion(\"example\",\n directory_id=example_directory.id,\n region_name=example.name,\n vpc_settings={\n \"vpc_id\": example_secondary.id,\n \"subnet_ids\": [__item.id for __item in example_secondary_subnet],\n },\n tags={\n \"Name\": \"Secondary\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Aws.GetRegion.Invoke();\n\n var available = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var exampleVpc = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"10.0.0.0/16\",\n Tags = \n {\n { \"Name\", \"Primary\" },\n },\n });\n\n var exampleSubnet = new List\u003cAws.Ec2.Subnet\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n exampleSubnet.Add(new Aws.Ec2.Subnet($\"example-{range.Value}\", new()\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = available.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names)[range.Value],\n CidrBlock = exampleVpc.CidrBlock.Apply(cidrBlock =\u003e Std.Cidrsubnet.Invoke(new()\n {\n Input = cidrBlock,\n Newbits = 8,\n Netnum = range.Value,\n })).Apply(invoke =\u003e invoke.Result),\n Tags = \n {\n { \"Name\", \"Primary\" },\n },\n }));\n }\n var exampleDirectory = new Aws.DirectoryService.Directory(\"example\", new()\n {\n Name = \"example.com\",\n Password = \"SuperSecretPassw0rd\",\n Type = \"MicrosoftAD\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = exampleVpc.Id,\n SubnetIds = exampleSubnet.Select(__item =\u003e __item.Id).ToList(),\n },\n });\n\n var available_secondary = Aws.GetAvailabilityZones.Invoke(new()\n {\n State = \"available\",\n Filters = new[]\n {\n new Aws.Inputs.GetAvailabilityZonesFilterInputArgs\n {\n Name = \"opt-in-status\",\n Values = new[]\n {\n \"opt-in-not-required\",\n },\n },\n },\n });\n\n var example_secondary = new Aws.Ec2.Vpc(\"example-secondary\", new()\n {\n CidrBlock = \"10.1.0.0/16\",\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n });\n\n var example_secondarySubnet = new List\u003cAws.Ec2.Subnet\u003e();\n for (var rangeIndex = 0; rangeIndex \u003c 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n example_secondarySubnet.Add(new Aws.Ec2.Subnet($\"example-secondary-{range.Value}\", new()\n {\n VpcId = example_secondary.Id,\n AvailabilityZone = available_secondary.Apply(available_secondary =\u003e available_secondary.Apply(getAvailabilityZonesResult =\u003e getAvailabilityZonesResult.Names)[range.Value]),\n CidrBlock = example_secondary.CidrBlock.Apply(cidrBlock =\u003e Std.Cidrsubnet.Invoke(new()\n {\n Input = cidrBlock,\n Newbits = 8,\n Netnum = range.Value,\n })).Apply(invoke =\u003e invoke.Result),\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n }));\n }\n var exampleServiceRegion = new Aws.DirectoryService.ServiceRegion(\"example\", new()\n {\n DirectoryId = exampleDirectory.Id,\n RegionName = example.Apply(getRegionResult =\u003e getRegionResult.Name),\n VpcSettings = new Aws.DirectoryService.Inputs.ServiceRegionVpcSettingsArgs\n {\n VpcId = example_secondary.Id,\n SubnetIds = example_secondarySubnet.Select(__item =\u003e __item.Id).ToList(),\n },\n Tags = \n {\n { \"Name\", \"Secondary\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\nexample, err := aws.GetRegion(ctx, \u0026aws.GetRegionArgs{\n}, nil);\nif err != nil {\nreturn err\n}\navailable, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\nState: pulumi.StringRef(\"available\"),\nFilters: []aws.GetAvailabilityZonesFilter{\n{\nName: \"opt-in-status\",\nValues: []string{\n\"opt-in-not-required\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nexampleVpc, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\nCidrBlock: pulumi.String(\"10.0.0.0/16\"),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Primary\"),\n},\n})\nif err != nil {\nreturn err\n}\nvar exampleSubnet []*ec2.Subnet\nfor index := 0; index \u003c 2; index++ {\n key0 := index\n val0 := index\n__res, err := ec2.NewSubnet(ctx, fmt.Sprintf(\"example-%v\", key0), \u0026ec2.SubnetArgs{\nVpcId: exampleVpc.ID(),\nAvailabilityZone: pulumi.String(available.Names[val0]),\nCidrBlock: pulumi.String(exampleVpc.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) {\nreturn std.CidrsubnetResult(interface{}(std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{\nInput: cidrBlock,\nNewbits: 8,\nNetnum: val0,\n}, nil))), nil\n}).(std.CidrsubnetResultOutput).ApplyT(func(invoke std.CidrsubnetResult) (*string, error) {\nreturn invoke.Result, nil\n}).(pulumi.StringPtrOutput)),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Primary\"),\n},\n})\nif err != nil {\nreturn err\n}\nexampleSubnet = append(exampleSubnet, __res)\n}\nexampleDirectory, err := directoryservice.NewDirectory(ctx, \"example\", \u0026directoryservice.DirectoryArgs{\nName: pulumi.String(\"example.com\"),\nPassword: pulumi.String(\"SuperSecretPassw0rd\"),\nType: pulumi.String(\"MicrosoftAD\"),\nVpcSettings: \u0026directoryservice.DirectoryVpcSettingsArgs{\nVpcId: exampleVpc.ID(),\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ example.pp:44,17-36),\n},\n})\nif err != nil {\nreturn err\n}\navailable_secondary, err := aws.GetAvailabilityZones(ctx, \u0026aws.GetAvailabilityZonesArgs{\nState: pulumi.StringRef(\"available\"),\nFilters: []aws.GetAvailabilityZonesFilter{\n{\nName: \"opt-in-status\",\nValues: []string{\n\"opt-in-not-required\",\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = ec2.NewVpc(ctx, \"example-secondary\", \u0026ec2.VpcArgs{\nCidrBlock: pulumi.String(\"10.1.0.0/16\"),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nvar example_secondarySubnet []*ec2.Subnet\nfor index := 0; index \u003c 2; index++ {\n key0 := index\n val0 := index\n__res, err := ec2.NewSubnet(ctx, fmt.Sprintf(\"example-secondary-%v\", key0), \u0026ec2.SubnetArgs{\nVpcId: example_secondary.ID(),\nAvailabilityZone: pulumi.String(available_secondary.Names[val0]),\nCidrBlock: pulumi.String(example_secondary.CidrBlock.ApplyT(func(cidrBlock string) (std.CidrsubnetResult, error) {\nreturn std.CidrsubnetResult(interface{}(std.CidrsubnetOutput(ctx, std.CidrsubnetOutputArgs{\nInput: cidrBlock,\nNewbits: 8,\nNetnum: val0,\n}, nil))), nil\n}).(std.CidrsubnetResultOutput).ApplyT(func(invoke std.CidrsubnetResult) (*string, error) {\nreturn invoke.Result, nil\n}).(pulumi.StringPtrOutput)),\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nexample_secondarySubnet = append(example_secondarySubnet, __res)\n}\n_, err = directoryservice.NewServiceRegion(ctx, \"example\", \u0026directoryservice.ServiceRegionArgs{\nDirectoryId: exampleDirectory.ID(),\nRegionName: pulumi.String(example.Name),\nVpcSettings: \u0026directoryservice.ServiceRegionVpcSettingsArgs{\nVpcId: example_secondary.ID(),\nSubnetIds: %!v(PANIC=Format method: fatal: A failure has occurred: unlowered splat expression @ example.pp:87,17-46),\n},\nTags: pulumi.StringMap{\n\"Name\": pulumi.String(\"Secondary\"),\n},\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.inputs.GetAvailabilityZonesArgs;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.directoryservice.Directory;\nimport com.pulumi.aws.directoryservice.DirectoryArgs;\nimport com.pulumi.aws.directoryservice.inputs.DirectoryVpcSettingsArgs;\nimport com.pulumi.aws.directoryservice.ServiceRegion;\nimport com.pulumi.aws.directoryservice.ServiceRegionArgs;\nimport com.pulumi.aws.directoryservice.inputs.ServiceRegionVpcSettingsArgs;\nimport com.pulumi.codegen.internal.KeyedValue;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = AwsFunctions.getRegion();\n\n final var available = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var exampleVpc = new Vpc(\"exampleVpc\", VpcArgs.builder()\n .cidrBlock(\"10.0.0.0/16\")\n .tags(Map.of(\"Name\", \"Primary\"))\n .build());\n\n for (var i = 0; i \u003c 2; i++) {\n new Subnet(\"exampleSubnet-\" + i, SubnetArgs.builder()\n .vpcId(exampleVpc.id())\n .availabilityZone(available.applyValue(getAvailabilityZonesResult -\u003e getAvailabilityZonesResult.names())[range.value()])\n .cidrBlock(exampleVpc.cidrBlock().applyValue(cidrBlock -\u003e StdFunctions.cidrsubnet()).applyValue(invoke -\u003e invoke.result()))\n .tags(Map.of(\"Name\", \"Primary\"))\n .build());\n\n \n}\n var exampleDirectory = new Directory(\"exampleDirectory\", DirectoryArgs.builder()\n .name(\"example.com\")\n .password(\"SuperSecretPassw0rd\")\n .type(\"MicrosoftAD\")\n .vpcSettings(DirectoryVpcSettingsArgs.builder()\n .vpcId(exampleVpc.id())\n .subnetIds(exampleSubnet.stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .build());\n\n final var available-secondary = AwsFunctions.getAvailabilityZones(GetAvailabilityZonesArgs.builder()\n .state(\"available\")\n .filters(GetAvailabilityZonesFilterArgs.builder()\n .name(\"opt-in-status\")\n .values(\"opt-in-not-required\")\n .build())\n .build());\n\n var example_secondary = new Vpc(\"example-secondary\", VpcArgs.builder()\n .cidrBlock(\"10.1.0.0/16\")\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n for (var i = 0; i \u003c 2; i++) {\n new Subnet(\"example-secondarySubnet-\" + i, SubnetArgs.builder()\n .vpcId(example_secondary.id())\n .availabilityZone(available_secondary.names()[range.value()])\n .cidrBlock(example_secondary.cidrBlock().applyValue(cidrBlock -\u003e StdFunctions.cidrsubnet()).applyValue(invoke -\u003e invoke.result()))\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n \n}\n var exampleServiceRegion = new ServiceRegion(\"exampleServiceRegion\", ServiceRegionArgs.builder()\n .directoryId(exampleDirectory.id())\n .regionName(example.applyValue(getRegionResult -\u003e getRegionResult.name()))\n .vpcSettings(ServiceRegionVpcSettingsArgs.builder()\n .vpcId(example_secondary.id())\n .subnetIds(example_secondarySubnet.stream().map(element -\u003e element.id()).collect(toList()))\n .build())\n .tags(Map.of(\"Name\", \"Secondary\"))\n .build());\n\n }\n}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Replicated Regions using directory ID,Region name. For example:\n\n```sh\n$ pulumi import aws:directoryservice/serviceRegion:ServiceRegion example d-9267651497,us-east-2\n```\n", "properties": { "desiredNumberOfDomainControllers": { "type": "integer", @@ -240057,7 +240057,7 @@ } }, "aws:ec2/instance:Instance": { - "description": "Provides an EC2 instance resource. This allows instances to be created, updated, and deleted.\n\n## Example Usage\n\n### Basic example using AMI lookup\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: aws.ec2.InstanceType.T3_Micro,\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n {\n \"name\": \"name\",\n \"values\": [\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\"],\n },\n {\n \"name\": \"virtualization-type\",\n \"values\": [\"hvm\"],\n },\n ],\n owners=[\"099720109477\"])\nweb = aws.ec2.Instance(\"web\",\n ami=ubuntu.id,\n instance_type=aws.ec2.InstanceType.T3_MICRO,\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = Aws.Ec2.InstanceType.T3_Micro,\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T3_Micro),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var web = new Instance(\"web\", InstanceArgs.builder()\n .ami(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t3.micro\")\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n web:\n type: aws:ec2:Instance\n properties:\n ami: ${ubuntu.id}\n instanceType: t3.micro\n tags:\n Name: HelloWorld\nvariables:\n ubuntu:\n fn::invoke:\n function: aws:ec2:getAmi\n arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Spot instance example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst this = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [\n {\n name: \"architecture\",\n values: [\"arm64\"],\n },\n {\n name: \"name\",\n values: [\"al2023-ami-2023*\"],\n },\n ],\n});\nconst thisInstance = new aws.ec2.Instance(\"this\", {\n ami: _this.then(_this =\u003e _this.id),\n instanceMarketOptions: {\n marketType: \"spot\",\n spotOptions: {\n maxPrice: \"0.0031\",\n },\n },\n instanceType: aws.ec2.InstanceType.T4g_Nano,\n tags: {\n Name: \"test-spot\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[\n {\n \"name\": \"architecture\",\n \"values\": [\"arm64\"],\n },\n {\n \"name\": \"name\",\n \"values\": [\"al2023-ami-2023*\"],\n },\n ])\nthis_instance = aws.ec2.Instance(\"this\",\n ami=this.id,\n instance_market_options={\n \"market_type\": \"spot\",\n \"spot_options\": {\n \"max_price\": \"0.0031\",\n },\n },\n instance_type=aws.ec2.InstanceType.T4G_NANO,\n tags={\n \"Name\": \"test-spot\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"architecture\",\n Values = new[]\n {\n \"arm64\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"al2023-ami-2023*\",\n },\n },\n },\n });\n\n var thisInstance = new Aws.Ec2.Instance(\"this\", new()\n {\n Ami = @this.Apply(@this =\u003e @this.Apply(getAmiResult =\u003e getAmiResult.Id)),\n InstanceMarketOptions = new Aws.Ec2.Inputs.InstanceInstanceMarketOptionsArgs\n {\n MarketType = \"spot\",\n SpotOptions = new Aws.Ec2.Inputs.InstanceInstanceMarketOptionsSpotOptionsArgs\n {\n MaxPrice = \"0.0031\",\n },\n },\n InstanceType = Aws.Ec2.InstanceType.T4g_Nano,\n Tags = \n {\n { \"Name\", \"test-spot\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthis, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"architecture\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"arm64\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"al2023-ami-2023*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"this\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(this.Id),\n\t\t\tInstanceMarketOptions: \u0026ec2.InstanceInstanceMarketOptionsArgs{\n\t\t\t\tMarketType: pulumi.String(\"spot\"),\n\t\t\t\tSpotOptions: \u0026ec2.InstanceInstanceMarketOptionsSpotOptionsArgs{\n\t\t\t\t\tMaxPrice: pulumi.String(\"0.0031\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T4g_Nano),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test-spot\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceInstanceMarketOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceInstanceMarketOptionsSpotOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var this = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"architecture\")\n .values(\"arm64\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"al2023-ami-2023*\")\n .build())\n .build());\n\n var thisInstance = new Instance(\"thisInstance\", InstanceArgs.builder()\n .ami(this_.id())\n .instanceMarketOptions(InstanceInstanceMarketOptionsArgs.builder()\n .marketType(\"spot\")\n .spotOptions(InstanceInstanceMarketOptionsSpotOptionsArgs.builder()\n .maxPrice(0.0031)\n .build())\n .build())\n .instanceType(\"t4g.nano\")\n .tags(Map.of(\"Name\", \"test-spot\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n thisInstance:\n type: aws:ec2:Instance\n name: this\n properties:\n ami: ${this.id}\n instanceMarketOptions:\n marketType: spot\n spotOptions:\n maxPrice: 0.0031\n instanceType: t4g.nano\n tags:\n Name: test-spot\nvariables:\n this:\n fn::invoke:\n function: aws:ec2:getAmi\n arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: architecture\n values:\n - arm64\n - name: name\n values:\n - al2023-ami-2023*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Network and credit specification example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myVpc = new aws.ec2.Vpc(\"my_vpc\", {\n cidrBlock: \"172.16.0.0/16\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst mySubnet = new aws.ec2.Subnet(\"my_subnet\", {\n vpcId: myVpc.id,\n cidrBlock: \"172.16.10.0/24\",\n availabilityZone: \"us-west-2a\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst foo = new aws.ec2.NetworkInterface(\"foo\", {\n subnetId: mySubnet.id,\n privateIps: [\"172.16.10.100\"],\n tags: {\n Name: \"primary_network_interface\",\n },\n});\nconst fooInstance = new aws.ec2.Instance(\"foo\", {\n ami: \"ami-005e54dee72cc1d00\",\n instanceType: aws.ec2.InstanceType.T2_Micro,\n networkInterfaces: [{\n networkInterfaceId: foo.id,\n deviceIndex: 0,\n }],\n creditSpecification: {\n cpuCredits: \"unlimited\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_vpc = aws.ec2.Vpc(\"my_vpc\",\n cidr_block=\"172.16.0.0/16\",\n tags={\n \"Name\": \"tf-example\",\n })\nmy_subnet = aws.ec2.Subnet(\"my_subnet\",\n vpc_id=my_vpc.id,\n cidr_block=\"172.16.10.0/24\",\n availability_zone=\"us-west-2a\",\n tags={\n \"Name\": \"tf-example\",\n })\nfoo = aws.ec2.NetworkInterface(\"foo\",\n subnet_id=my_subnet.id,\n private_ips=[\"172.16.10.100\"],\n tags={\n \"Name\": \"primary_network_interface\",\n })\nfoo_instance = aws.ec2.Instance(\"foo\",\n ami=\"ami-005e54dee72cc1d00\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n network_interfaces=[{\n \"network_interface_id\": foo.id,\n \"device_index\": 0,\n }],\n credit_specification={\n \"cpu_credits\": \"unlimited\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myVpc = new Aws.Ec2.Vpc(\"my_vpc\", new()\n {\n CidrBlock = \"172.16.0.0/16\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var mySubnet = new Aws.Ec2.Subnet(\"my_subnet\", new()\n {\n VpcId = myVpc.Id,\n CidrBlock = \"172.16.10.0/24\",\n AvailabilityZone = \"us-west-2a\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var foo = new Aws.Ec2.NetworkInterface(\"foo\", new()\n {\n SubnetId = mySubnet.Id,\n PrivateIps = new[]\n {\n \"172.16.10.100\",\n },\n Tags = \n {\n { \"Name\", \"primary_network_interface\" },\n },\n });\n\n var fooInstance = new Aws.Ec2.Instance(\"foo\", new()\n {\n Ami = \"ami-005e54dee72cc1d00\",\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n NetworkInterfaces = new[]\n {\n new Aws.Ec2.Inputs.InstanceNetworkInterfaceArgs\n {\n NetworkInterfaceId = foo.Id,\n DeviceIndex = 0,\n },\n },\n CreditSpecification = new Aws.Ec2.Inputs.InstanceCreditSpecificationArgs\n {\n CpuCredits = \"unlimited\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyVpc, err := ec2.NewVpc(ctx, \"my_vpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"172.16.0.0/16\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnet, err := ec2.NewSubnet(ctx, \"my_subnet\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: myVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"172.16.10.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewNetworkInterface(ctx, \"foo\", \u0026ec2.NetworkInterfaceArgs{\n\t\t\tSubnetId: mySubnet.ID(),\n\t\t\tPrivateIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"172.16.10.100\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"primary_network_interface\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"foo\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-005e54dee72cc1d00\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tNetworkInterfaces: ec2.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026ec2.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetworkInterfaceId: foo.ID(),\n\t\t\t\t\tDeviceIndex: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCreditSpecification: \u0026ec2.InstanceCreditSpecificationArgs{\n\t\t\t\tCpuCredits: pulumi.String(\"unlimited\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.NetworkInterface;\nimport com.pulumi.aws.ec2.NetworkInterfaceArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceCreditSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myVpc = new Vpc(\"myVpc\", VpcArgs.builder()\n .cidrBlock(\"172.16.0.0/16\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var mySubnet = new Subnet(\"mySubnet\", SubnetArgs.builder()\n .vpcId(myVpc.id())\n .cidrBlock(\"172.16.10.0/24\")\n .availabilityZone(\"us-west-2a\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var foo = new NetworkInterface(\"foo\", NetworkInterfaceArgs.builder()\n .subnetId(mySubnet.id())\n .privateIps(\"172.16.10.100\")\n .tags(Map.of(\"Name\", \"primary_network_interface\"))\n .build());\n\n var fooInstance = new Instance(\"fooInstance\", InstanceArgs.builder()\n .ami(\"ami-005e54dee72cc1d00\")\n .instanceType(\"t2.micro\")\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .networkInterfaceId(foo.id())\n .deviceIndex(0)\n .build())\n .creditSpecification(InstanceCreditSpecificationArgs.builder()\n .cpuCredits(\"unlimited\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myVpc:\n type: aws:ec2:Vpc\n name: my_vpc\n properties:\n cidrBlock: 172.16.0.0/16\n tags:\n Name: tf-example\n mySubnet:\n type: aws:ec2:Subnet\n name: my_subnet\n properties:\n vpcId: ${myVpc.id}\n cidrBlock: 172.16.10.0/24\n availabilityZone: us-west-2a\n tags:\n Name: tf-example\n foo:\n type: aws:ec2:NetworkInterface\n properties:\n subnetId: ${mySubnet.id}\n privateIps:\n - 172.16.10.100\n tags:\n Name: primary_network_interface\n fooInstance:\n type: aws:ec2:Instance\n name: foo\n properties:\n ami: ami-005e54dee72cc1d00\n instanceType: t2.micro\n networkInterfaces:\n - networkInterfaceId: ${foo.id}\n deviceIndex: 0\n creditSpecification:\n cpuCredits: unlimited\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### CPU options example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.Vpc(\"example\", {\n cidrBlock: \"172.16.0.0/16\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst exampleSubnet = new aws.ec2.Subnet(\"example\", {\n vpcId: example.id,\n cidrBlock: \"172.16.10.0/24\",\n availabilityZone: \"us-east-2a\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst amzn-linux-2023-ami = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [{\n name: \"name\",\n values: [\"al2023-ami-2023.*-x86_64\"],\n }],\n});\nconst exampleInstance = new aws.ec2.Instance(\"example\", {\n ami: amzn_linux_2023_ami.then(amzn_linux_2023_ami =\u003e amzn_linux_2023_ami.id),\n instanceType: aws.ec2.InstanceType.C6a_2XLarge,\n subnetId: exampleSubnet.id,\n cpuOptions: {\n coreCount: 2,\n threadsPerCore: 2,\n },\n tags: {\n Name: \"tf-example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.Vpc(\"example\",\n cidr_block=\"172.16.0.0/16\",\n tags={\n \"Name\": \"tf-example\",\n })\nexample_subnet = aws.ec2.Subnet(\"example\",\n vpc_id=example.id,\n cidr_block=\"172.16.10.0/24\",\n availability_zone=\"us-east-2a\",\n tags={\n \"Name\": \"tf-example\",\n })\namzn_linux_2023_ami = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[{\n \"name\": \"name\",\n \"values\": [\"al2023-ami-2023.*-x86_64\"],\n }])\nexample_instance = aws.ec2.Instance(\"example\",\n ami=amzn_linux_2023_ami.id,\n instance_type=aws.ec2.InstanceType.C6A_2_X_LARGE,\n subnet_id=example_subnet.id,\n cpu_options={\n \"core_count\": 2,\n \"threads_per_core\": 2,\n },\n tags={\n \"Name\": \"tf-example\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"172.16.0.0/16\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var exampleSubnet = new Aws.Ec2.Subnet(\"example\", new()\n {\n VpcId = example.Id,\n CidrBlock = \"172.16.10.0/24\",\n AvailabilityZone = \"us-east-2a\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var amzn_linux_2023_ami = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"al2023-ami-2023.*-x86_64\",\n },\n },\n },\n });\n\n var exampleInstance = new Aws.Ec2.Instance(\"example\", new()\n {\n Ami = amzn_linux_2023_ami.Apply(amzn_linux_2023_ami =\u003e amzn_linux_2023_ami.Apply(getAmiResult =\u003e getAmiResult.Id)),\n InstanceType = Aws.Ec2.InstanceType.C6a_2XLarge,\n SubnetId = exampleSubnet.Id,\n CpuOptions = new Aws.Ec2.Inputs.InstanceCpuOptionsArgs\n {\n CoreCount = 2,\n ThreadsPerCore = 2,\n },\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"172.16.0.0/16\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSubnet, err := ec2.NewSubnet(ctx, \"example\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: example.ID(),\n\t\t\tCidrBlock: pulumi.String(\"172.16.10.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tamzn_linux_2023_ami, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"al2023-ami-2023.*-x86_64\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(amzn_linux_2023_ami.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_C6a_2XLarge),\n\t\t\tSubnetId: exampleSubnet.ID(),\n\t\t\tCpuOptions: \u0026ec2.InstanceCpuOptionsArgs{\n\t\t\t\tCoreCount: pulumi.Int(2),\n\t\t\t\tThreadsPerCore: pulumi.Int(2),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceCpuOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Vpc(\"example\", VpcArgs.builder()\n .cidrBlock(\"172.16.0.0/16\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var exampleSubnet = new Subnet(\"exampleSubnet\", SubnetArgs.builder()\n .vpcId(example.id())\n .cidrBlock(\"172.16.10.0/24\")\n .availabilityZone(\"us-east-2a\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n final var amzn-linux-2023-ami = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters(GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"al2023-ami-2023.*-x86_64\")\n .build())\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder()\n .ami(amzn_linux_2023_ami.id())\n .instanceType(\"c6a.2xlarge\")\n .subnetId(exampleSubnet.id())\n .cpuOptions(InstanceCpuOptionsArgs.builder()\n .coreCount(2)\n .threadsPerCore(2)\n .build())\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 172.16.0.0/16\n tags:\n Name: tf-example\n exampleSubnet:\n type: aws:ec2:Subnet\n name: example\n properties:\n vpcId: ${example.id}\n cidrBlock: 172.16.10.0/24\n availabilityZone: us-east-2a\n tags:\n Name: tf-example\n exampleInstance:\n type: aws:ec2:Instance\n name: example\n properties:\n ami: ${[\"amzn-linux-2023-ami\"].id}\n instanceType: c6a.2xlarge\n subnetId: ${exampleSubnet.id}\n cpuOptions:\n coreCount: 2\n threadsPerCore: 2\n tags:\n Name: tf-example\nvariables:\n amzn-linux-2023-ami:\n fn::invoke:\n function: aws:ec2:getAmi\n arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: name\n values:\n - al2023-ami-2023.*-x86_64\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Host resource group or License Manager registered AMI example\n\nA host resource group is a collection of Dedicated Hosts that you can manage as a single entity. As you launch instances, License Manager allocates the hosts and launches instances on them based on the settings that you configured. You can add existing Dedicated Hosts to a host resource group and take advantage of automated host management through License Manager.\n\n\u003e **NOTE:** A dedicated host is automatically associated with a License Manager host resource group if **Allocate hosts automatically** is enabled. Otherwise, use the `host_resource_group_arn` argument to explicitly associate the instance with the host resource group.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _this = new aws.ec2.Instance(\"this\", {\n ami: \"ami-0dcc1e21636832c5d\",\n instanceType: aws.ec2.InstanceType.M5_Large,\n hostResourceGroupArn: \"arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\",\n tenancy: \"host\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis = aws.ec2.Instance(\"this\",\n ami=\"ami-0dcc1e21636832c5d\",\n instance_type=aws.ec2.InstanceType.M5_LARGE,\n host_resource_group_arn=\"arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\",\n tenancy=\"host\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = new Aws.Ec2.Instance(\"this\", new()\n {\n Ami = \"ami-0dcc1e21636832c5d\",\n InstanceType = Aws.Ec2.InstanceType.M5_Large,\n HostResourceGroupArn = \"arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\",\n Tenancy = \"host\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewInstance(ctx, \"this\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-0dcc1e21636832c5d\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_M5_Large),\n\t\t\tHostResourceGroupArn: pulumi.String(\"arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\"),\n\t\t\tTenancy: pulumi.String(\"host\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var this_ = new Instance(\"this\", InstanceArgs.builder()\n .ami(\"ami-0dcc1e21636832c5d\")\n .instanceType(\"m5.large\")\n .hostResourceGroupArn(\"arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\")\n .tenancy(\"host\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n this:\n type: aws:ec2:Instance\n properties:\n ami: ami-0dcc1e21636832c5d\n instanceType: m5.large\n hostResourceGroupArn: arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\n tenancy: host\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Tag Guide\n\nThese are the five types of tags you might encounter relative to an `aws.ec2.Instance`:\n\n1. **Instance tags**: Applied to instances but not to `ebs_block_device` and `root_block_device` volumes.\n2. **Default tags**: Applied to the instance and to `ebs_block_device` and `root_block_device` volumes.\n3. **Volume tags**: Applied during creation to `ebs_block_device` and `root_block_device` volumes.\n4. **Root block device tags**: Applied only to the `root_block_device` volume. These conflict with `volume_tags`.\n5. **EBS block device tags**: Applied only to the specific `ebs_block_device` volume you configure them for and cannot be updated. These conflict with `volume_tags`.\n\nDo not use `volume_tags` if you plan to manage block device tags outside the `aws.ec2.Instance` configuration, such as using `tags` in an `aws.ebs.Volume` resource attached via `aws.ec2.VolumeAttachment`. Doing so will result in resource cycling and inconsistent behavior.\n\n## Import\n\nUsing `pulumi import`, import instances using the `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/instance:Instance web i-12345678\n```\n", + "description": "Provides an EC2 instance resource. This allows instances to be created, updated, and deleted.\n\n## Example Usage\n\n### Basic example using AMI lookup\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: ubuntu.then(ubuntu =\u003e ubuntu.id),\n instanceType: aws.ec2.InstanceType.T3_Micro,\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n {\n \"name\": \"name\",\n \"values\": [\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\"],\n },\n {\n \"name\": \"virtualization-type\",\n \"values\": [\"hvm\"],\n },\n ],\n owners=[\"099720109477\"])\nweb = aws.ec2.Instance(\"web\",\n ami=ubuntu.id,\n instance_type=aws.ec2.InstanceType.T3_MICRO,\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ubuntu = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"virtualization-type\",\n Values = new[]\n {\n \"hvm\",\n },\n },\n },\n Owners = new[]\n {\n \"099720109477\",\n },\n });\n\n var web = new Aws.Ec2.Instance(\"web\", new()\n {\n Ami = ubuntu.Apply(getAmiResult =\u003e getAmiResult.Id),\n InstanceType = Aws.Ec2.InstanceType.T3_Micro,\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tubuntu, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T3_Micro),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ubuntu = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"virtualization-type\")\n .values(\"hvm\")\n .build())\n .owners(\"099720109477\")\n .build());\n\n var web = new Instance(\"web\", InstanceArgs.builder()\n .ami(ubuntu.applyValue(getAmiResult -\u003e getAmiResult.id()))\n .instanceType(\"t3.micro\")\n .tags(Map.of(\"Name\", \"HelloWorld\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n web:\n type: aws:ec2:Instance\n properties:\n ami: ${ubuntu.id}\n instanceType: t3.micro\n tags:\n Name: HelloWorld\nvariables:\n ubuntu:\n fn::invoke:\n function: aws:ec2:getAmi\n arguments:\n mostRecent: true\n filters:\n - name: name\n values:\n - ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*\n - name: virtualization-type\n values:\n - hvm\n owners:\n - '099720109477'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Spot instance example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _this = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [\n {\n name: \"architecture\",\n values: [\"arm64\"],\n },\n {\n name: \"name\",\n values: [\"al2023-ami-2023*\"],\n },\n ],\n});\nconst thisInstance = new aws.ec2.Instance(\"this\", {\n ami: _this.then(_this =\u003e _this.id),\n instanceMarketOptions: {\n marketType: \"spot\",\n spotOptions: {\n maxPrice: \"0.0031\",\n },\n },\n instanceType: aws.ec2.InstanceType.T4g_Nano,\n tags: {\n Name: \"test-spot\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[\n {\n \"name\": \"architecture\",\n \"values\": [\"arm64\"],\n },\n {\n \"name\": \"name\",\n \"values\": [\"al2023-ami-2023*\"],\n },\n ])\nthis_instance = aws.ec2.Instance(\"this\",\n ami=this.id,\n instance_market_options={\n \"market_type\": \"spot\",\n \"spot_options\": {\n \"max_price\": \"0.0031\",\n },\n },\n instance_type=aws.ec2.InstanceType.T4G_NANO,\n tags={\n \"Name\": \"test-spot\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"architecture\",\n Values = new[]\n {\n \"arm64\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"al2023-ami-2023*\",\n },\n },\n },\n });\n\n var thisInstance = new Aws.Ec2.Instance(\"this\", new()\n {\n Ami = @this.Apply(@this =\u003e @this.Apply(getAmiResult =\u003e getAmiResult.Id)),\n InstanceMarketOptions = new Aws.Ec2.Inputs.InstanceInstanceMarketOptionsArgs\n {\n MarketType = \"spot\",\n SpotOptions = new Aws.Ec2.Inputs.InstanceInstanceMarketOptionsSpotOptionsArgs\n {\n MaxPrice = \"0.0031\",\n },\n },\n InstanceType = Aws.Ec2.InstanceType.T4g_Nano,\n Tags = \n {\n { \"Name\", \"test-spot\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthis, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"architecture\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"arm64\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"al2023-ami-2023*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"this\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(this.Id),\n\t\t\tInstanceMarketOptions: \u0026ec2.InstanceInstanceMarketOptionsArgs{\n\t\t\t\tMarketType: pulumi.String(\"spot\"),\n\t\t\t\tSpotOptions: \u0026ec2.InstanceInstanceMarketOptionsSpotOptionsArgs{\n\t\t\t\t\tMaxPrice: pulumi.String(\"0.0031\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T4g_Nano),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test-spot\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceInstanceMarketOptionsArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceInstanceMarketOptionsSpotOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var this = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters( \n GetAmiFilterArgs.builder()\n .name(\"architecture\")\n .values(\"arm64\")\n .build(),\n GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"al2023-ami-2023*\")\n .build())\n .build());\n\n var thisInstance = new Instance(\"thisInstance\", InstanceArgs.builder()\n .ami(this_.id())\n .instanceMarketOptions(InstanceInstanceMarketOptionsArgs.builder()\n .marketType(\"spot\")\n .spotOptions(InstanceInstanceMarketOptionsSpotOptionsArgs.builder()\n .maxPrice(0.0031)\n .build())\n .build())\n .instanceType(\"t4g.nano\")\n .tags(Map.of(\"Name\", \"test-spot\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n thisInstance:\n type: aws:ec2:Instance\n name: this\n properties:\n ami: ${this.id}\n instanceMarketOptions:\n marketType: spot\n spotOptions:\n maxPrice: 0.0031\n instanceType: t4g.nano\n tags:\n Name: test-spot\nvariables:\n this:\n fn::invoke:\n function: aws:ec2:getAmi\n arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: architecture\n values:\n - arm64\n - name: name\n values:\n - al2023-ami-2023*\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Network and credit specification example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myVpc = new aws.ec2.Vpc(\"my_vpc\", {\n cidrBlock: \"172.16.0.0/16\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst mySubnet = new aws.ec2.Subnet(\"my_subnet\", {\n vpcId: myVpc.id,\n cidrBlock: \"172.16.10.0/24\",\n availabilityZone: \"us-west-2a\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst foo = new aws.ec2.NetworkInterface(\"foo\", {\n subnetId: mySubnet.id,\n privateIps: [\"172.16.10.100\"],\n tags: {\n Name: \"primary_network_interface\",\n },\n});\nconst fooInstance = new aws.ec2.Instance(\"foo\", {\n ami: \"ami-005e54dee72cc1d00\",\n instanceType: aws.ec2.InstanceType.T2_Micro,\n networkInterfaces: [{\n networkInterfaceId: foo.id,\n deviceIndex: 0,\n }],\n creditSpecification: {\n cpuCredits: \"unlimited\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_vpc = aws.ec2.Vpc(\"my_vpc\",\n cidr_block=\"172.16.0.0/16\",\n tags={\n \"Name\": \"tf-example\",\n })\nmy_subnet = aws.ec2.Subnet(\"my_subnet\",\n vpc_id=my_vpc.id,\n cidr_block=\"172.16.10.0/24\",\n availability_zone=\"us-west-2a\",\n tags={\n \"Name\": \"tf-example\",\n })\nfoo = aws.ec2.NetworkInterface(\"foo\",\n subnet_id=my_subnet.id,\n private_ips=[\"172.16.10.100\"],\n tags={\n \"Name\": \"primary_network_interface\",\n })\nfoo_instance = aws.ec2.Instance(\"foo\",\n ami=\"ami-005e54dee72cc1d00\",\n instance_type=aws.ec2.InstanceType.T2_MICRO,\n network_interfaces=[{\n \"network_interface_id\": foo.id,\n \"device_index\": 0,\n }],\n credit_specification={\n \"cpu_credits\": \"unlimited\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myVpc = new Aws.Ec2.Vpc(\"my_vpc\", new()\n {\n CidrBlock = \"172.16.0.0/16\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var mySubnet = new Aws.Ec2.Subnet(\"my_subnet\", new()\n {\n VpcId = myVpc.Id,\n CidrBlock = \"172.16.10.0/24\",\n AvailabilityZone = \"us-west-2a\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var foo = new Aws.Ec2.NetworkInterface(\"foo\", new()\n {\n SubnetId = mySubnet.Id,\n PrivateIps = new[]\n {\n \"172.16.10.100\",\n },\n Tags = \n {\n { \"Name\", \"primary_network_interface\" },\n },\n });\n\n var fooInstance = new Aws.Ec2.Instance(\"foo\", new()\n {\n Ami = \"ami-005e54dee72cc1d00\",\n InstanceType = Aws.Ec2.InstanceType.T2_Micro,\n NetworkInterfaces = new[]\n {\n new Aws.Ec2.Inputs.InstanceNetworkInterfaceArgs\n {\n NetworkInterfaceId = foo.Id,\n DeviceIndex = 0,\n },\n },\n CreditSpecification = new Aws.Ec2.Inputs.InstanceCreditSpecificationArgs\n {\n CpuCredits = \"unlimited\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyVpc, err := ec2.NewVpc(ctx, \"my_vpc\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"172.16.0.0/16\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnet, err := ec2.NewSubnet(ctx, \"my_subnet\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: myVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"172.16.10.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewNetworkInterface(ctx, \"foo\", \u0026ec2.NetworkInterfaceArgs{\n\t\t\tSubnetId: mySubnet.ID(),\n\t\t\tPrivateIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"172.16.10.100\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"primary_network_interface\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"foo\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-005e54dee72cc1d00\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_T2_Micro),\n\t\t\tNetworkInterfaces: ec2.InstanceNetworkInterfaceArray{\n\t\t\t\t\u0026ec2.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetworkInterfaceId: foo.ID(),\n\t\t\t\t\tDeviceIndex: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCreditSpecification: \u0026ec2.InstanceCreditSpecificationArgs{\n\t\t\t\tCpuCredits: pulumi.String(\"unlimited\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.NetworkInterface;\nimport com.pulumi.aws.ec2.NetworkInterfaceArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceNetworkInterfaceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceCreditSpecificationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myVpc = new Vpc(\"myVpc\", VpcArgs.builder()\n .cidrBlock(\"172.16.0.0/16\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var mySubnet = new Subnet(\"mySubnet\", SubnetArgs.builder()\n .vpcId(myVpc.id())\n .cidrBlock(\"172.16.10.0/24\")\n .availabilityZone(\"us-west-2a\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var foo = new NetworkInterface(\"foo\", NetworkInterfaceArgs.builder()\n .subnetId(mySubnet.id())\n .privateIps(\"172.16.10.100\")\n .tags(Map.of(\"Name\", \"primary_network_interface\"))\n .build());\n\n var fooInstance = new Instance(\"fooInstance\", InstanceArgs.builder()\n .ami(\"ami-005e54dee72cc1d00\")\n .instanceType(\"t2.micro\")\n .networkInterfaces(InstanceNetworkInterfaceArgs.builder()\n .networkInterfaceId(foo.id())\n .deviceIndex(0)\n .build())\n .creditSpecification(InstanceCreditSpecificationArgs.builder()\n .cpuCredits(\"unlimited\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myVpc:\n type: aws:ec2:Vpc\n name: my_vpc\n properties:\n cidrBlock: 172.16.0.0/16\n tags:\n Name: tf-example\n mySubnet:\n type: aws:ec2:Subnet\n name: my_subnet\n properties:\n vpcId: ${myVpc.id}\n cidrBlock: 172.16.10.0/24\n availabilityZone: us-west-2a\n tags:\n Name: tf-example\n foo:\n type: aws:ec2:NetworkInterface\n properties:\n subnetId: ${mySubnet.id}\n privateIps:\n - 172.16.10.100\n tags:\n Name: primary_network_interface\n fooInstance:\n type: aws:ec2:Instance\n name: foo\n properties:\n ami: ami-005e54dee72cc1d00\n instanceType: t2.micro\n networkInterfaces:\n - networkInterfaceId: ${foo.id}\n deviceIndex: 0\n creditSpecification:\n cpuCredits: unlimited\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### CPU options example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.Vpc(\"example\", {\n cidrBlock: \"172.16.0.0/16\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst exampleSubnet = new aws.ec2.Subnet(\"example\", {\n vpcId: example.id,\n cidrBlock: \"172.16.10.0/24\",\n availabilityZone: \"us-east-2a\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst amzn_linux_2023_ami = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [{\n name: \"name\",\n values: [\"al2023-ami-2023.*-x86_64\"],\n }],\n});\nconst exampleInstance = new aws.ec2.Instance(\"example\", {\n ami: amzn_linux_2023_ami.then(amzn_linux_2023_ami =\u003e amzn_linux_2023_ami.id),\n instanceType: aws.ec2.InstanceType.C6a_2XLarge,\n subnetId: exampleSubnet.id,\n cpuOptions: {\n coreCount: 2,\n threadsPerCore: 2,\n },\n tags: {\n Name: \"tf-example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.Vpc(\"example\",\n cidr_block=\"172.16.0.0/16\",\n tags={\n \"Name\": \"tf-example\",\n })\nexample_subnet = aws.ec2.Subnet(\"example\",\n vpc_id=example.id,\n cidr_block=\"172.16.10.0/24\",\n availability_zone=\"us-east-2a\",\n tags={\n \"Name\": \"tf-example\",\n })\namzn_linux_2023_ami = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[{\n \"name\": \"name\",\n \"values\": [\"al2023-ami-2023.*-x86_64\"],\n }])\nexample_instance = aws.ec2.Instance(\"example\",\n ami=amzn_linux_2023_ami.id,\n instance_type=aws.ec2.InstanceType.C6A_2_X_LARGE,\n subnet_id=example_subnet.id,\n cpu_options={\n \"core_count\": 2,\n \"threads_per_core\": 2,\n },\n tags={\n \"Name\": \"tf-example\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.Vpc(\"example\", new()\n {\n CidrBlock = \"172.16.0.0/16\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var exampleSubnet = new Aws.Ec2.Subnet(\"example\", new()\n {\n VpcId = example.Id,\n CidrBlock = \"172.16.10.0/24\",\n AvailabilityZone = \"us-east-2a\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n var amzn_linux_2023_ami = Aws.Ec2.GetAmi.Invoke(new()\n {\n MostRecent = true,\n Owners = new[]\n {\n \"amazon\",\n },\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetAmiFilterInputArgs\n {\n Name = \"name\",\n Values = new[]\n {\n \"al2023-ami-2023.*-x86_64\",\n },\n },\n },\n });\n\n var exampleInstance = new Aws.Ec2.Instance(\"example\", new()\n {\n Ami = amzn_linux_2023_ami.Apply(amzn_linux_2023_ami =\u003e amzn_linux_2023_ami.Apply(getAmiResult =\u003e getAmiResult.Id)),\n InstanceType = Aws.Ec2.InstanceType.C6a_2XLarge,\n SubnetId = exampleSubnet.Id,\n CpuOptions = new Aws.Ec2.Inputs.InstanceCpuOptionsArgs\n {\n CoreCount = 2,\n ThreadsPerCore = 2,\n },\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ec2.NewVpc(ctx, \"example\", \u0026ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"172.16.0.0/16\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSubnet, err := ec2.NewSubnet(ctx, \"example\", \u0026ec2.SubnetArgs{\n\t\t\tVpcId: example.ID(),\n\t\t\tCidrBlock: pulumi.String(\"172.16.10.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tamzn_linux_2023_ami, err := ec2.LookupAmi(ctx, \u0026ec2.LookupAmiArgs{\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"al2023-ami-2023.*-x86_64\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(amzn_linux_2023_ami.Id),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_C6a_2XLarge),\n\t\t\tSubnetId: exampleSubnet.ID(),\n\t\t\tCpuOptions: \u0026ec2.InstanceCpuOptionsArgs{\n\t\t\t\tCoreCount: pulumi.Int(2),\n\t\t\t\tThreadsPerCore: pulumi.Int(2),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Vpc;\nimport com.pulumi.aws.ec2.VpcArgs;\nimport com.pulumi.aws.ec2.Subnet;\nimport com.pulumi.aws.ec2.SubnetArgs;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetAmiArgs;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport com.pulumi.aws.ec2.inputs.InstanceCpuOptionsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Vpc(\"example\", VpcArgs.builder()\n .cidrBlock(\"172.16.0.0/16\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n var exampleSubnet = new Subnet(\"exampleSubnet\", SubnetArgs.builder()\n .vpcId(example.id())\n .cidrBlock(\"172.16.10.0/24\")\n .availabilityZone(\"us-east-2a\")\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n final var amzn-linux-2023-ami = Ec2Functions.getAmi(GetAmiArgs.builder()\n .mostRecent(true)\n .owners(\"amazon\")\n .filters(GetAmiFilterArgs.builder()\n .name(\"name\")\n .values(\"al2023-ami-2023.*-x86_64\")\n .build())\n .build());\n\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder()\n .ami(amzn_linux_2023_ami.id())\n .instanceType(\"c6a.2xlarge\")\n .subnetId(exampleSubnet.id())\n .cpuOptions(InstanceCpuOptionsArgs.builder()\n .coreCount(2)\n .threadsPerCore(2)\n .build())\n .tags(Map.of(\"Name\", \"tf-example\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:Vpc\n properties:\n cidrBlock: 172.16.0.0/16\n tags:\n Name: tf-example\n exampleSubnet:\n type: aws:ec2:Subnet\n name: example\n properties:\n vpcId: ${example.id}\n cidrBlock: 172.16.10.0/24\n availabilityZone: us-east-2a\n tags:\n Name: tf-example\n exampleInstance:\n type: aws:ec2:Instance\n name: example\n properties:\n ami: ${[\"amzn-linux-2023-ami\"].id}\n instanceType: c6a.2xlarge\n subnetId: ${exampleSubnet.id}\n cpuOptions:\n coreCount: 2\n threadsPerCore: 2\n tags:\n Name: tf-example\nvariables:\n amzn-linux-2023-ami:\n fn::invoke:\n function: aws:ec2:getAmi\n arguments:\n mostRecent: true\n owners:\n - amazon\n filters:\n - name: name\n values:\n - al2023-ami-2023.*-x86_64\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Host resource group or License Manager registered AMI example\n\nA host resource group is a collection of Dedicated Hosts that you can manage as a single entity. As you launch instances, License Manager allocates the hosts and launches instances on them based on the settings that you configured. You can add existing Dedicated Hosts to a host resource group and take advantage of automated host management through License Manager.\n\n\u003e **NOTE:** A dedicated host is automatically associated with a License Manager host resource group if **Allocate hosts automatically** is enabled. Otherwise, use the `host_resource_group_arn` argument to explicitly associate the instance with the host resource group.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _this = new aws.ec2.Instance(\"this\", {\n ami: \"ami-0dcc1e21636832c5d\",\n instanceType: aws.ec2.InstanceType.M5_Large,\n hostResourceGroupArn: \"arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\",\n tenancy: \"host\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis = aws.ec2.Instance(\"this\",\n ami=\"ami-0dcc1e21636832c5d\",\n instance_type=aws.ec2.InstanceType.M5_LARGE,\n host_resource_group_arn=\"arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\",\n tenancy=\"host\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = new Aws.Ec2.Instance(\"this\", new()\n {\n Ami = \"ami-0dcc1e21636832c5d\",\n InstanceType = Aws.Ec2.InstanceType.M5_Large,\n HostResourceGroupArn = \"arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\",\n Tenancy = \"host\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewInstance(ctx, \"this\", \u0026ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-0dcc1e21636832c5d\"),\n\t\t\tInstanceType: pulumi.String(ec2.InstanceType_M5_Large),\n\t\t\tHostResourceGroupArn: pulumi.String(\"arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\"),\n\t\t\tTenancy: pulumi.String(\"host\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Instance;\nimport com.pulumi.aws.ec2.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var this_ = new Instance(\"this\", InstanceArgs.builder()\n .ami(\"ami-0dcc1e21636832c5d\")\n .instanceType(\"m5.large\")\n .hostResourceGroupArn(\"arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\")\n .tenancy(\"host\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n this:\n type: aws:ec2:Instance\n properties:\n ami: ami-0dcc1e21636832c5d\n instanceType: m5.large\n hostResourceGroupArn: arn:aws:resource-groups:us-west-2:123456789012:group/win-testhost\n tenancy: host\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Tag Guide\n\nThese are the five types of tags you might encounter relative to an `aws.ec2.Instance`:\n\n1. **Instance tags**: Applied to instances but not to `ebs_block_device` and `root_block_device` volumes.\n2. **Default tags**: Applied to the instance and to `ebs_block_device` and `root_block_device` volumes.\n3. **Volume tags**: Applied during creation to `ebs_block_device` and `root_block_device` volumes.\n4. **Root block device tags**: Applied only to the `root_block_device` volume. These conflict with `volume_tags`.\n5. **EBS block device tags**: Applied only to the specific `ebs_block_device` volume you configure them for and cannot be updated. These conflict with `volume_tags`.\n\nDo not use `volume_tags` if you plan to manage block device tags outside the `aws.ec2.Instance` configuration, such as using `tags` in an `aws.ebs.Volume` resource attached via `aws.ec2.VolumeAttachment`. Doing so will result in resource cycling and inconsistent behavior.\n\n## Import\n\nUsing `pulumi import`, import instances using the `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/instance:Instance web i-12345678\n```\n", "properties": { "ami": { "type": "string", @@ -244861,7 +244861,7 @@ } }, "aws:ec2/securityGroup:SecurityGroup": { - "description": "Provides a security group resource.\n\n\u003e **NOTE:** Avoid using the `ingress` and `egress` arguments of the `aws.ec2.SecurityGroup` resource to configure in-line rules, as they struggle with managing multiple CIDR blocks, and, due to the historical lack of unique IDs, tags and descriptions. To avoid these problems, use the current best practice of the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources with one CIDR block per rule.\n\n!\u003e **WARNING:** You should not use the `aws.ec2.SecurityGroup` resource with _in-line rules_ (using the `ingress` and `egress` arguments of `aws.ec2.SecurityGroup`) in conjunction with the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources or the `aws.ec2.SecurityGroupRule` resource. Doing so may cause rule conflicts, perpetual differences, and result in rules being overwritten.\n\n\u003e **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), security groups associated with Lambda Functions can take up to 45 minutes to successfully delete. To allow for successful deletion, the provider will wait for at least 45 minutes even if a shorter delete timeout is specified.\n\n\u003e **NOTE:** The `cidr_blocks` and `ipv6_cidr_blocks` parameters are optional in the `ingress` and `egress` blocks. If nothing is specified, traffic will be blocked as described in _NOTE on Egress rules_ later.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst allowTls = new aws.ec2.SecurityGroup(\"allow_tls\", {\n name: \"allow_tls\",\n description: \"Allow TLS inbound traffic and all outbound traffic\",\n vpcId: main.id,\n tags: {\n Name: \"allow_tls\",\n },\n});\nconst allowTlsIpv4 = new aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: main.cidrBlock,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowTlsIpv6 = new aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: main.ipv6CidrBlock,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowAllTrafficIpv4 = new aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: \"0.0.0.0/0\",\n ipProtocol: \"-1\",\n});\nconst allowAllTrafficIpv6 = new aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: \"::/0\",\n ipProtocol: \"-1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nallow_tls = aws.ec2.SecurityGroup(\"allow_tls\",\n name=\"allow_tls\",\n description=\"Allow TLS inbound traffic and all outbound traffic\",\n vpc_id=main[\"id\"],\n tags={\n \"Name\": \"allow_tls\",\n })\nallow_tls_ipv4 = aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=main[\"cidrBlock\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_tls_ipv6 = aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=main[\"ipv6CidrBlock\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_all_traffic_ipv4 = aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=\"0.0.0.0/0\",\n ip_protocol=\"-1\")\nallow_all_traffic_ipv6 = aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=\"::/0\",\n ip_protocol=\"-1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var allowTls = new Aws.Ec2.SecurityGroup(\"allow_tls\", new()\n {\n Name = \"allow_tls\",\n Description = \"Allow TLS inbound traffic and all outbound traffic\",\n VpcId = main.Id,\n Tags = \n {\n { \"Name\", \"allow_tls\" },\n },\n });\n\n var allowTlsIpv4 = new Aws.Vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = main.CidrBlock,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowTlsIpv6 = new Aws.Vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = main.Ipv6CidrBlock,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowAllTrafficIpv4 = new Aws.Vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = \"0.0.0.0/0\",\n IpProtocol = \"-1\",\n });\n\n var allowAllTrafficIpv6 = new Aws.Vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = \"::/0\",\n IpProtocol = \"-1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tallowTls, err := ec2.NewSecurityGroup(ctx, \"allow_tls\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"allow_tls\"),\n\t\t\tDescription: pulumi.String(\"Allow TLS inbound traffic and all outbound traffic\"),\n\t\t\tVpcId: pulumi.Any(main.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"allow_tls\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allow_tls_ipv4\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.Any(main.CidrBlock),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allow_tls_ipv6\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.Any(main.Ipv6CidrBlock),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allow_all_traffic_ipv4\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allow_all_traffic_ipv6\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.String(\"::/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRule;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRuleArgs;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRule;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var allowTls = new SecurityGroup(\"allowTls\", SecurityGroupArgs.builder()\n .name(\"allow_tls\")\n .description(\"Allow TLS inbound traffic and all outbound traffic\")\n .vpcId(main.id())\n .tags(Map.of(\"Name\", \"allow_tls\"))\n .build());\n\n var allowTlsIpv4 = new SecurityGroupIngressRule(\"allowTlsIpv4\", SecurityGroupIngressRuleArgs.builder()\n .securityGroupId(allowTls.id())\n .cidrIpv4(main.cidrBlock())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowTlsIpv6 = new SecurityGroupIngressRule(\"allowTlsIpv6\", SecurityGroupIngressRuleArgs.builder()\n .securityGroupId(allowTls.id())\n .cidrIpv6(main.ipv6CidrBlock())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowAllTrafficIpv4 = new SecurityGroupEgressRule(\"allowAllTrafficIpv4\", SecurityGroupEgressRuleArgs.builder()\n .securityGroupId(allowTls.id())\n .cidrIpv4(\"0.0.0.0/0\")\n .ipProtocol(\"-1\")\n .build());\n\n var allowAllTrafficIpv6 = new SecurityGroupEgressRule(\"allowAllTrafficIpv6\", SecurityGroupEgressRuleArgs.builder()\n .securityGroupId(allowTls.id())\n .cidrIpv6(\"::/0\")\n .ipProtocol(\"-1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowTls:\n type: aws:ec2:SecurityGroup\n name: allow_tls\n properties:\n name: allow_tls\n description: Allow TLS inbound traffic and all outbound traffic\n vpcId: ${main.id}\n tags:\n Name: allow_tls\n allowTlsIpv4:\n type: aws:vpc:SecurityGroupIngressRule\n name: allow_tls_ipv4\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: ${main.cidrBlock}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowTlsIpv6:\n type: aws:vpc:SecurityGroupIngressRule\n name: allow_tls_ipv6\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ${main.ipv6CidrBlock}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowAllTrafficIpv4:\n type: aws:vpc:SecurityGroupEgressRule\n name: allow_all_traffic_ipv4\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: 0.0.0.0/0\n ipProtocol: '-1'\n allowAllTrafficIpv6:\n type: aws:vpc:SecurityGroupEgressRule\n name: allow_all_traffic_ipv6\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ::/0\n ipProtocol: '-1'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a new Security Group inside of a VPC. When creating a new Security Group inside a VPC, **this provider will remove this default rule**, and require you specifically re-create it if you desire that rule. We feel this leads to fewer surprises in terms of controlling your egress rules. If you desire this rule to be in place, you can use this `egress` block:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: [\"0.0.0.0/0\"],\n ipv6CidrBlocks: [\"::/0\"],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", egress=[{\n \"from_port\": 0,\n \"to_port\": 0,\n \"protocol\": \"-1\",\n \"cidr_blocks\": [\"0.0.0.0/0\"],\n \"ipv6_cidr_blocks\": [\"::/0\"],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Ipv6CidrBlocks = new[]\n {\n \"::/0\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"::/0\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder()\n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .cidrBlocks(\"0.0.0.0/0\")\n .ipv6CidrBlocks(\"::/0\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n cidrBlocks:\n - 0.0.0.0/0\n ipv6CidrBlocks:\n - ::/0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nPrefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"my_endpoint\", {});\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_endpoint = aws.ec2.VpcEndpoint(\"my_endpoint\")\nexample = aws.ec2.SecurityGroup(\"example\", egress=[{\n \"from_port\": 0,\n \"to_port\": 0,\n \"protocol\": \"-1\",\n \"prefix_list_ids\": [my_endpoint.prefix_list_id],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"my_endpoint\");\n\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = new[]\n {\n myEndpoint.PrefixListId,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"my_endpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myEndpoint = new VpcEndpoint(\"myEndpoint\");\n\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder()\n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .prefixListIds(myEndpoint.prefixListId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n prefixListIds:\n - ${myEndpoint.prefixListId}\n myEndpoint:\n type: aws:ec2:VpcEndpoint\n name: my_endpoint\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList` data source.\n\n### Removing All Ingress and Egress Rules\n\nThe `ingress` and `egress` arguments are processed in attributes-as-blocks mode. Due to this, removing these arguments from the configuration will **not** cause the provider to destroy the managed rules. To subsequently remove all managed ingress and egress rules:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n name: \"sg\",\n vpcId: exampleAwsVpc.id,\n ingress: [],\n egress: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\",\n name=\"sg\",\n vpc_id=example_aws_vpc[\"id\"],\n ingress=[],\n egress=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"sg\",\n VpcId = exampleAwsVpc.Id,\n Ingress = new[] {},\n Egress = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"sg\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{},\n\t\t\tEgress: ec2.SecurityGroupEgressArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder()\n .name(\"sg\")\n .vpcId(exampleAwsVpc.id())\n .ingress()\n .egress()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: sg\n vpcId: ${exampleAwsVpc.id}\n ingress: []\n egress: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Recreating a Security Group\n\nA simple security group `name` change \"forces new\" the security group--the provider destroys the security group and creates a new one. (Likewise, `description`, `name_prefix`, or `vpc_id` [cannot be changed](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#creating-security-group).) Attempting to recreate the security group leads to a variety of complications depending on how it is used.\n\nSecurity groups are generally associated with other resources--**more than 100** AWS Provider resources reference security groups. Referencing a resource from another resource creates a one-way dependency. For example, if you create an EC2 `aws.ec2.Instance` that has a `vpc_security_group_ids` argument that refers to an `aws.ec2.SecurityGroup` resource, the `aws.ec2.SecurityGroup` is a dependent of the `aws.ec2.Instance`. Because of this, the provider will create the security group first so that it can then be associated with the EC2 instance.\n\nHowever, the dependency relationship actually goes both directions causing the _Security Group Deletion Problem_. AWS does not allow you to delete the security group associated with another resource (_e.g._, the `aws.ec2.Instance`).\n\nThe provider does not model bi-directional dependencies like this, but, even if it did, simply knowing the dependency situation would not be enough to solve it. For example, some resources must always have an associated security group while others don't need to. In addition, when the `aws.ec2.SecurityGroup` resource attempts to recreate, it receives a dependent object error, which does not provide information on whether the dependent object is a security group rule or, for example, an associated EC2 instance. Within the provider, the associated resource (_e.g._, `aws.ec2.Instance`) does not receive an error when the `aws.ec2.SecurityGroup` is trying to recreate even though that is where changes to the associated resource would need to take place (_e.g._, removing the security group association).\n\nDespite these sticky problems, below are some ways to improve your experience when you find it necessary to recreate a security group.\n\n### Shorter timeout\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nIf destroying a security group takes a long time, it may be because the provider cannot distinguish between a dependent object (_e.g._, a security group rule or EC2 instance) that is _in the process of being deleted_ and one that is not. In other words, it may be waiting for a train that isn't scheduled to arrive. To fail faster, shorten the `delete` timeout from the default timeout:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {name: \"izizavle\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", name=\"izizavle\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"izizavle\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"izizavle\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder()\n .name(\"izizavle\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: izizavle\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Provisioners\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\n**DISCLAIMER:** We **_HIGHLY_** recommend using one of the above approaches and _NOT_ using local provisioners. Provisioners, like the one shown below, should be considered a **last resort** since they are _not readable_, _require skills outside standard configuration_, are _error prone_ and _difficult to maintain_, are not compatible with cloud environments and upgrade tools, require AWS CLI installation, and are subject to changes outside the AWS Provider.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as _null from \"@pulumi/null\";\nimport * as aws from \"@pulumi/aws\";\nimport * as command from \"@pulumi/command\";\nimport * as std from \"@pulumi/std\";\n\nconst default = aws.ec2.getSecurityGroup({\n name: \"default\",\n});\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n name: \"sg\",\n tags: {\n workaround1: \"tagged-name\",\n workaround2: _default.then(_default =\u003e _default.id),\n },\n});\nconst exampleProvisioner0 = new command.local.Command(\"exampleProvisioner0\", {\n create: \"true\",\n update: \"true\",\n \"delete\": ` ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=${tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids ${tags.workaround2} --remove-security-group-ids ${id}\n`,\n}, {\n dependsOn: [example],\n});\nconst exampleResource = new _null.Resource(\"example\", {triggers: {\n rerun_upon_change_of: std.join({\n separator: \",\",\n input: exampleAwsVpcEndpoint.securityGroupIds,\n }).then(invoke =\u003e invoke.result),\n}});\nconst exampleResourceProvisioner0 = new command.local.Command(\"exampleResourceProvisioner0\", {create: ` aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${exampleAwsVpcEndpoint.id} --remove-security-group-ids ${_default.id}\n`}, {\n dependsOn: [exampleResource],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_command as command\nimport pulumi_null as null\nimport pulumi_std as std\n\ndefault = aws.ec2.get_security_group(name=\"default\")\nexample = aws.ec2.SecurityGroup(\"example\",\n name=\"sg\",\n tags={\n \"workaround1\": \"tagged-name\",\n \"workaround2\": default.id,\n })\nexample_provisioner0 = command.local.Command(\"exampleProvisioner0\",\n create=true,\n update=true,\n delete=f ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values={tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${{ENDPOINT_ID}} --add-security-group-ids {tags.workaround2} --remove-security-group-ids {id}\n,\n opts = pulumi.ResourceOptions(depends_on=[example]))\nexample_resource = null.Resource(\"example\", triggers={\n \"rerun_upon_change_of\": std.join(separator=\",\",\n input=example_aws_vpc_endpoint[\"securityGroupIds\"]).result,\n})\nexample_resource_provisioner0 = command.local.Command(\"exampleResourceProvisioner0\", create=f aws ec2 modify-vpc-endpoint --vpc-endpoint-id {example_aws_vpc_endpoint.id} --remove-security-group-ids {default.id}\n,\nopts = pulumi.ResourceOptions(depends_on=[example_resource]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Command = Pulumi.Command;\nusing Null = Pulumi.Null;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetSecurityGroup.Invoke(new()\n {\n Name = \"default\",\n });\n\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"sg\",\n Tags = \n {\n { \"workaround1\", \"tagged-name\" },\n { \"workaround2\", @default.Apply(@default =\u003e @default.Apply(getSecurityGroupResult =\u003e getSecurityGroupResult.Id)) },\n },\n });\n\n var exampleProvisioner0 = new Command.Local.Command(\"exampleProvisioner0\", new()\n {\n Create = \"true\",\n Update = \"true\",\n Delete = @$\" ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"\"Name=tag:Name,Values={tags.Workaround1}\"\" --query \"\"VpcEndpoints[0].VpcEndpointId\"\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${{ENDPOINT_ID}} --add-security-group-ids {tags.Workaround2} --remove-security-group-ids {id}\n\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n },\n });\n\n var exampleResource = new Null.Resource(\"example\", new()\n {\n Triggers = \n {\n { \"rerun_upon_change_of\", Std.Join.Invoke(new()\n {\n Separator = \",\",\n Input = exampleAwsVpcEndpoint.SecurityGroupIds,\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var exampleResourceProvisioner0 = new Command.Local.Command(\"exampleResourceProvisioner0\", new()\n {\n Create = @$\" aws ec2 modify-vpc-endpoint --vpc-endpoint-id {exampleAwsVpcEndpoint.Id} --remove-security-group-ids {@default.Apply(getSecurityGroupResult =\u003e getSecurityGroupResult.Id)}\n\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n exampleResource,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-command/sdk/go/command/local\"\n\t\"github.com/pulumi/pulumi-null/sdk/go/null\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := ec2.LookupSecurityGroup(ctx, \u0026ec2.LookupSecurityGroupArgs{\n\t\t\tName: pulumi.StringRef(\"default\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"sg\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"workaround1\": pulumi.String(\"tagged-name\"),\n\t\t\t\t\"workaround2\": pulumi.String(_default.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = local.NewCommand(ctx, \"exampleProvisioner0\", \u0026local.CommandArgs{\n\t\t\tCreate: \"true\",\n\t\t\tUpdate: \"true\",\n\t\t\tDelete: fmt.Sprintf(\" ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \\\"Name=tag:Name,Values=%v\\\" --query \\\"VpcEndpoints[0].VpcEndpointId\\\" --output text` \u0026\u0026\\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids %v --remove-security-group-ids %v\\n\", tags.Workaround1, tags.Workaround2, id),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\n\t\t\tSeparator: \",\",\n\t\t\tInput: exampleAwsVpcEndpoint.SecurityGroupIds,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleResource, err := null.NewResource(ctx, \"example\", \u0026null.ResourceArgs{\n\t\t\tTriggers: pulumi.StringMap{\n\t\t\t\t\"rerun_upon_change_of\": pulumi.String(invokeJoin.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = local.NewCommand(ctx, \"exampleResourceProvisioner0\", \u0026local.CommandArgs{\n\t\t\tCreate: fmt.Sprintf(\" aws ec2 modify-vpc-endpoint --vpc-endpoint-id %v --remove-security-group-ids %v\\n\", exampleAwsVpcEndpoint.Id, _default.Id),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleResource,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSecurityGroupArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.command.local.Command;\nimport com.pulumi.command.local.CommandArgs;\nimport com.pulumi.null.Resource;\nimport com.pulumi.null.ResourceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getSecurityGroup(GetSecurityGroupArgs.builder()\n .name(\"default\")\n .build());\n\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder()\n .name(\"sg\")\n .tags(Map.ofEntries(\n Map.entry(\"workaround1\", \"tagged-name\"),\n Map.entry(\"workaround2\", default_.id())\n ))\n .build());\n\n var exampleProvisioner0 = new Command(\"exampleProvisioner0\", CommandArgs.builder()\n .create(\"true\")\n .update(\"true\")\n .delete(\"\"\"\n ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=%s\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids %s --remove-security-group-ids %s\n\", tags.workaround1(),tags.workaround2(),id))\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n var exampleResource = new Resource(\"exampleResource\", ResourceArgs.builder()\n .triggers(Map.of(\"rerun_upon_change_of\", StdFunctions.join(JoinArgs.builder()\n .separator(\",\")\n .input(exampleAwsVpcEndpoint.securityGroupIds())\n .build()).result()))\n .build());\n\n var exampleResourceProvisioner0 = new Command(\"exampleResourceProvisioner0\", CommandArgs.builder()\n .create(\"\"\"\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id %s --remove-security-group-ids %s\n\", exampleAwsVpcEndpoint.id(),default_.id()))\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleResource)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: sg\n tags:\n workaround1: tagged-name\n workaround2: ${default.id}\n exampleProvisioner0:\n type: command:local:Command\n properties:\n create: 'true'\n update: 'true'\n delete: |2\n ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=${tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id $${ENDPOINT_ID} --add-security-group-ids ${tags.workaround2} --remove-security-group-ids ${id}\n options:\n dependsOn:\n - ${example}\n exampleResource:\n type: null:Resource\n name: example\n properties:\n triggers:\n rerun_upon_change_of:\n fn::invoke:\n function: std:join\n arguments:\n separator: ','\n input: ${exampleAwsVpcEndpoint.securityGroupIds}\n return: result\n exampleResourceProvisioner0:\n type: command:local:Command\n properties:\n create: |2\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${exampleAwsVpcEndpoint.id} --remove-security-group-ids ${default.id}\n options:\n dependsOn:\n - ${exampleResource}\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getSecurityGroup\n arguments:\n name: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Security Groups using the security group `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8\n```\n", + "description": "Provides a security group resource.\n\n\u003e **NOTE:** Avoid using the `ingress` and `egress` arguments of the `aws.ec2.SecurityGroup` resource to configure in-line rules, as they struggle with managing multiple CIDR blocks, and, due to the historical lack of unique IDs, tags and descriptions. To avoid these problems, use the current best practice of the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources with one CIDR block per rule.\n\n!\u003e **WARNING:** You should not use the `aws.ec2.SecurityGroup` resource with _in-line rules_ (using the `ingress` and `egress` arguments of `aws.ec2.SecurityGroup`) in conjunction with the `aws.vpc.SecurityGroupEgressRule` and `aws.vpc.SecurityGroupIngressRule` resources or the `aws.ec2.SecurityGroupRule` resource. Doing so may cause rule conflicts, perpetual differences, and result in rules being overwritten.\n\n\u003e **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n\u003e **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), security groups associated with Lambda Functions can take up to 45 minutes to successfully delete. To allow for successful deletion, the provider will wait for at least 45 minutes even if a shorter delete timeout is specified.\n\n\u003e **NOTE:** The `cidr_blocks` and `ipv6_cidr_blocks` parameters are optional in the `ingress` and `egress` blocks. If nothing is specified, traffic will be blocked as described in _NOTE on Egress rules_ later.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst allowTls = new aws.ec2.SecurityGroup(\"allow_tls\", {\n name: \"allow_tls\",\n description: \"Allow TLS inbound traffic and all outbound traffic\",\n vpcId: main.id,\n tags: {\n Name: \"allow_tls\",\n },\n});\nconst allowTlsIpv4 = new aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: main.cidrBlock,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowTlsIpv6 = new aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: main.ipv6CidrBlock,\n fromPort: 443,\n ipProtocol: \"tcp\",\n toPort: 443,\n});\nconst allowAllTrafficIpv4 = new aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\", {\n securityGroupId: allowTls.id,\n cidrIpv4: \"0.0.0.0/0\",\n ipProtocol: \"-1\",\n});\nconst allowAllTrafficIpv6 = new aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\", {\n securityGroupId: allowTls.id,\n cidrIpv6: \"::/0\",\n ipProtocol: \"-1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nallow_tls = aws.ec2.SecurityGroup(\"allow_tls\",\n name=\"allow_tls\",\n description=\"Allow TLS inbound traffic and all outbound traffic\",\n vpc_id=main[\"id\"],\n tags={\n \"Name\": \"allow_tls\",\n })\nallow_tls_ipv4 = aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=main[\"cidrBlock\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_tls_ipv6 = aws.vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=main[\"ipv6CidrBlock\"],\n from_port=443,\n ip_protocol=\"tcp\",\n to_port=443)\nallow_all_traffic_ipv4 = aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\",\n security_group_id=allow_tls.id,\n cidr_ipv4=\"0.0.0.0/0\",\n ip_protocol=\"-1\")\nallow_all_traffic_ipv6 = aws.vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\",\n security_group_id=allow_tls.id,\n cidr_ipv6=\"::/0\",\n ip_protocol=\"-1\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var allowTls = new Aws.Ec2.SecurityGroup(\"allow_tls\", new()\n {\n Name = \"allow_tls\",\n Description = \"Allow TLS inbound traffic and all outbound traffic\",\n VpcId = main.Id,\n Tags = \n {\n { \"Name\", \"allow_tls\" },\n },\n });\n\n var allowTlsIpv4 = new Aws.Vpc.SecurityGroupIngressRule(\"allow_tls_ipv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = main.CidrBlock,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowTlsIpv6 = new Aws.Vpc.SecurityGroupIngressRule(\"allow_tls_ipv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = main.Ipv6CidrBlock,\n FromPort = 443,\n IpProtocol = \"tcp\",\n ToPort = 443,\n });\n\n var allowAllTrafficIpv4 = new Aws.Vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv4\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv4 = \"0.0.0.0/0\",\n IpProtocol = \"-1\",\n });\n\n var allowAllTrafficIpv6 = new Aws.Vpc.SecurityGroupEgressRule(\"allow_all_traffic_ipv6\", new()\n {\n SecurityGroupId = allowTls.Id,\n CidrIpv6 = \"::/0\",\n IpProtocol = \"-1\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/vpc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tallowTls, err := ec2.NewSecurityGroup(ctx, \"allow_tls\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"allow_tls\"),\n\t\t\tDescription: pulumi.String(\"Allow TLS inbound traffic and all outbound traffic\"),\n\t\t\tVpcId: pulumi.Any(main.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"allow_tls\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allow_tls_ipv4\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.Any(main.CidrBlock),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupIngressRule(ctx, \"allow_tls_ipv6\", \u0026vpc.SecurityGroupIngressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.Any(main.Ipv6CidrBlock),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tIpProtocol: pulumi.String(\"tcp\"),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allow_all_traffic_ipv4\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv4: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = vpc.NewSecurityGroupEgressRule(ctx, \"allow_all_traffic_ipv6\", \u0026vpc.SecurityGroupEgressRuleArgs{\n\t\t\tSecurityGroupId: allowTls.ID(),\n\t\t\tCidrIpv6: pulumi.String(\"::/0\"),\n\t\t\tIpProtocol: pulumi.String(\"-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRule;\nimport com.pulumi.aws.vpc.SecurityGroupIngressRuleArgs;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRule;\nimport com.pulumi.aws.vpc.SecurityGroupEgressRuleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var allowTls = new SecurityGroup(\"allowTls\", SecurityGroupArgs.builder()\n .name(\"allow_tls\")\n .description(\"Allow TLS inbound traffic and all outbound traffic\")\n .vpcId(main.id())\n .tags(Map.of(\"Name\", \"allow_tls\"))\n .build());\n\n var allowTlsIpv4 = new SecurityGroupIngressRule(\"allowTlsIpv4\", SecurityGroupIngressRuleArgs.builder()\n .securityGroupId(allowTls.id())\n .cidrIpv4(main.cidrBlock())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowTlsIpv6 = new SecurityGroupIngressRule(\"allowTlsIpv6\", SecurityGroupIngressRuleArgs.builder()\n .securityGroupId(allowTls.id())\n .cidrIpv6(main.ipv6CidrBlock())\n .fromPort(443)\n .ipProtocol(\"tcp\")\n .toPort(443)\n .build());\n\n var allowAllTrafficIpv4 = new SecurityGroupEgressRule(\"allowAllTrafficIpv4\", SecurityGroupEgressRuleArgs.builder()\n .securityGroupId(allowTls.id())\n .cidrIpv4(\"0.0.0.0/0\")\n .ipProtocol(\"-1\")\n .build());\n\n var allowAllTrafficIpv6 = new SecurityGroupEgressRule(\"allowAllTrafficIpv6\", SecurityGroupEgressRuleArgs.builder()\n .securityGroupId(allowTls.id())\n .cidrIpv6(\"::/0\")\n .ipProtocol(\"-1\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n allowTls:\n type: aws:ec2:SecurityGroup\n name: allow_tls\n properties:\n name: allow_tls\n description: Allow TLS inbound traffic and all outbound traffic\n vpcId: ${main.id}\n tags:\n Name: allow_tls\n allowTlsIpv4:\n type: aws:vpc:SecurityGroupIngressRule\n name: allow_tls_ipv4\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: ${main.cidrBlock}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowTlsIpv6:\n type: aws:vpc:SecurityGroupIngressRule\n name: allow_tls_ipv6\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ${main.ipv6CidrBlock}\n fromPort: 443\n ipProtocol: tcp\n toPort: 443\n allowAllTrafficIpv4:\n type: aws:vpc:SecurityGroupEgressRule\n name: allow_all_traffic_ipv4\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv4: 0.0.0.0/0\n ipProtocol: '-1'\n allowAllTrafficIpv6:\n type: aws:vpc:SecurityGroupEgressRule\n name: allow_all_traffic_ipv6\n properties:\n securityGroupId: ${allowTls.id}\n cidrIpv6: ::/0\n ipProtocol: '-1'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\u003e **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a new Security Group inside of a VPC. When creating a new Security Group inside a VPC, **this provider will remove this default rule**, and require you specifically re-create it if you desire that rule. We feel this leads to fewer surprises in terms of controlling your egress rules. If you desire this rule to be in place, you can use this `egress` block:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: [\"0.0.0.0/0\"],\n ipv6CidrBlocks: [\"::/0\"],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", egress=[{\n \"from_port\": 0,\n \"to_port\": 0,\n \"protocol\": \"-1\",\n \"cidr_blocks\": [\"0.0.0.0/0\"],\n \"ipv6_cidr_blocks\": [\"::/0\"],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = new[]\n {\n \"0.0.0.0/0\",\n },\n Ipv6CidrBlocks = new[]\n {\n \"::/0\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"::/0\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder()\n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .cidrBlocks(\"0.0.0.0/0\")\n .ipv6CidrBlocks(\"::/0\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n cidrBlocks:\n - 0.0.0.0/0\n ipv6CidrBlocks:\n - ::/0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nPrefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"my_endpoint\", {});\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_endpoint = aws.ec2.VpcEndpoint(\"my_endpoint\")\nexample = aws.ec2.SecurityGroup(\"example\", egress=[{\n \"from_port\": 0,\n \"to_port\": 0,\n \"protocol\": \"-1\",\n \"prefix_list_ids\": [my_endpoint.prefix_list_id],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"my_endpoint\");\n\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Egress = new[]\n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = new[]\n {\n myEndpoint.PrefixListId,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"my_endpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t\u0026ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.VpcEndpoint;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.aws.ec2.inputs.SecurityGroupEgressArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myEndpoint = new VpcEndpoint(\"myEndpoint\");\n\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder()\n .egress(SecurityGroupEgressArgs.builder()\n .fromPort(0)\n .toPort(0)\n .protocol(\"-1\")\n .prefixListIds(myEndpoint.prefixListId())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n egress:\n - fromPort: 0\n toPort: 0\n protocol: '-1'\n prefixListIds:\n - ${myEndpoint.prefixListId}\n myEndpoint:\n type: aws:ec2:VpcEndpoint\n name: my_endpoint\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList` data source.\n\n### Removing All Ingress and Egress Rules\n\nThe `ingress` and `egress` arguments are processed in attributes-as-blocks mode. Due to this, removing these arguments from the configuration will **not** cause the provider to destroy the managed rules. To subsequently remove all managed ingress and egress rules:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n name: \"sg\",\n vpcId: exampleAwsVpc.id,\n ingress: [],\n egress: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\",\n name=\"sg\",\n vpc_id=example_aws_vpc[\"id\"],\n ingress=[],\n egress=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"sg\",\n VpcId = exampleAwsVpc.Id,\n Ingress = new[] {},\n Egress = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"sg\"),\n\t\t\tVpcId: pulumi.Any(exampleAwsVpc.Id),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{},\n\t\t\tEgress: ec2.SecurityGroupEgressArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder()\n .name(\"sg\")\n .vpcId(exampleAwsVpc.id())\n .ingress()\n .egress()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: sg\n vpcId: ${exampleAwsVpc.id}\n ingress: []\n egress: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Recreating a Security Group\n\nA simple security group `name` change \"forces new\" the security group--the provider destroys the security group and creates a new one. (Likewise, `description`, `name_prefix`, or `vpc_id` [cannot be changed](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-security-groups.html#creating-security-group).) Attempting to recreate the security group leads to a variety of complications depending on how it is used.\n\nSecurity groups are generally associated with other resources--**more than 100** AWS Provider resources reference security groups. Referencing a resource from another resource creates a one-way dependency. For example, if you create an EC2 `aws.ec2.Instance` that has a `vpc_security_group_ids` argument that refers to an `aws.ec2.SecurityGroup` resource, the `aws.ec2.SecurityGroup` is a dependent of the `aws.ec2.Instance`. Because of this, the provider will create the security group first so that it can then be associated with the EC2 instance.\n\nHowever, the dependency relationship actually goes both directions causing the _Security Group Deletion Problem_. AWS does not allow you to delete the security group associated with another resource (_e.g._, the `aws.ec2.Instance`).\n\nThe provider does not model bi-directional dependencies like this, but, even if it did, simply knowing the dependency situation would not be enough to solve it. For example, some resources must always have an associated security group while others don't need to. In addition, when the `aws.ec2.SecurityGroup` resource attempts to recreate, it receives a dependent object error, which does not provide information on whether the dependent object is a security group rule or, for example, an associated EC2 instance. Within the provider, the associated resource (_e.g._, `aws.ec2.Instance`) does not receive an error when the `aws.ec2.SecurityGroup` is trying to recreate even though that is where changes to the associated resource would need to take place (_e.g._, removing the security group association).\n\nDespite these sticky problems, below are some ways to improve your experience when you find it necessary to recreate a security group.\n\n### Shorter timeout\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\nIf destroying a security group takes a long time, it may be because the provider cannot distinguish between a dependent object (_e.g._, a security group rule or EC2 instance) that is _in the process of being deleted_ and one that is not. In other words, it may be waiting for a train that isn't scheduled to arrive. To fail faster, shorten the `delete` timeout from the default timeout:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {name: \"izizavle\"});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", name=\"izizavle\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"izizavle\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"izizavle\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder()\n .name(\"izizavle\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: izizavle\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Provisioners\n\n(This example is one approach to recreating security groups. For more information on the challenges and the _Security Group Deletion Problem_, see the section above.)\n\n**DISCLAIMER:** We **_HIGHLY_** recommend using one of the above approaches and _NOT_ using local provisioners. Provisioners, like the one shown below, should be considered a **last resort** since they are _not readable_, _require skills outside standard configuration_, are _error prone_ and _difficult to maintain_, are not compatible with cloud environments and upgrade tools, require AWS CLI installation, and are subject to changes outside the AWS Provider.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as _null from \"@pulumi/null\";\nimport * as aws from \"@pulumi/aws\";\nimport * as command from \"@pulumi/command\";\nimport * as std from \"@pulumi/std\";\n\nconst _default = aws.ec2.getSecurityGroup({\n name: \"default\",\n});\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n name: \"sg\",\n tags: {\n workaround1: \"tagged-name\",\n workaround2: _default.then(_default =\u003e _default.id),\n },\n});\nconst exampleProvisioner0 = new command.local.Command(\"exampleProvisioner0\", {\n create: \"true\",\n update: \"true\",\n \"delete\": ` ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=${tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids ${tags.workaround2} --remove-security-group-ids ${id}\n`,\n}, {\n dependsOn: [example],\n});\nconst exampleResource = new _null.Resource(\"example\", {triggers: {\n rerun_upon_change_of: std.join({\n separator: \",\",\n input: exampleAwsVpcEndpoint.securityGroupIds,\n }).then(invoke =\u003e invoke.result),\n}});\nconst exampleResourceProvisioner0 = new command.local.Command(\"exampleResourceProvisioner0\", {create: ` aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${exampleAwsVpcEndpoint.id} --remove-security-group-ids ${_default.id}\n`}, {\n dependsOn: [exampleResource],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_command as command\nimport pulumi_null as null\nimport pulumi_std as std\n\ndefault = aws.ec2.get_security_group(name=\"default\")\nexample = aws.ec2.SecurityGroup(\"example\",\n name=\"sg\",\n tags={\n \"workaround1\": \"tagged-name\",\n \"workaround2\": default.id,\n })\nexample_provisioner0 = command.local.Command(\"exampleProvisioner0\",\n create=true,\n update=true,\n delete=f ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values={tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${{ENDPOINT_ID}} --add-security-group-ids {tags.workaround2} --remove-security-group-ids {id}\n,\n opts = pulumi.ResourceOptions(depends_on=[example]))\nexample_resource = null.Resource(\"example\", triggers={\n \"rerun_upon_change_of\": std.join(separator=\",\",\n input=example_aws_vpc_endpoint[\"securityGroupIds\"]).result,\n})\nexample_resource_provisioner0 = command.local.Command(\"exampleResourceProvisioner0\", create=f aws ec2 modify-vpc-endpoint --vpc-endpoint-id {example_aws_vpc_endpoint.id} --remove-security-group-ids {default.id}\n,\nopts = pulumi.ResourceOptions(depends_on=[example_resource]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Command = Pulumi.Command;\nusing Null = Pulumi.Null;\nusing Std = Pulumi.Std;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetSecurityGroup.Invoke(new()\n {\n Name = \"default\",\n });\n\n var example = new Aws.Ec2.SecurityGroup(\"example\", new()\n {\n Name = \"sg\",\n Tags = \n {\n { \"workaround1\", \"tagged-name\" },\n { \"workaround2\", @default.Apply(@default =\u003e @default.Apply(getSecurityGroupResult =\u003e getSecurityGroupResult.Id)) },\n },\n });\n\n var exampleProvisioner0 = new Command.Local.Command(\"exampleProvisioner0\", new()\n {\n Create = \"true\",\n Update = \"true\",\n Delete = @$\" ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"\"Name=tag:Name,Values={tags.Workaround1}\"\" --query \"\"VpcEndpoints[0].VpcEndpointId\"\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${{ENDPOINT_ID}} --add-security-group-ids {tags.Workaround2} --remove-security-group-ids {id}\n\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n example,\n },\n });\n\n var exampleResource = new Null.Resource(\"example\", new()\n {\n Triggers = \n {\n { \"rerun_upon_change_of\", Std.Join.Invoke(new()\n {\n Separator = \",\",\n Input = exampleAwsVpcEndpoint.SecurityGroupIds,\n }).Apply(invoke =\u003e invoke.Result) },\n },\n });\n\n var exampleResourceProvisioner0 = new Command.Local.Command(\"exampleResourceProvisioner0\", new()\n {\n Create = @$\" aws ec2 modify-vpc-endpoint --vpc-endpoint-id {exampleAwsVpcEndpoint.Id} --remove-security-group-ids {@default.Apply(getSecurityGroupResult =\u003e getSecurityGroupResult.Id)}\n\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n exampleResource,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-command/sdk/go/command/local\"\n\t\"github.com/pulumi/pulumi-null/sdk/go/null\"\n\t\"github.com/pulumi/pulumi-std/sdk/go/std\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := ec2.LookupSecurityGroup(ctx, \u0026ec2.LookupSecurityGroupArgs{\n\t\t\tName: pulumi.StringRef(\"default\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewSecurityGroup(ctx, \"example\", \u0026ec2.SecurityGroupArgs{\n\t\t\tName: pulumi.String(\"sg\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"workaround1\": pulumi.String(\"tagged-name\"),\n\t\t\t\t\"workaround2\": pulumi.String(_default.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = local.NewCommand(ctx, \"exampleProvisioner0\", \u0026local.CommandArgs{\n\t\t\tCreate: \"true\",\n\t\t\tUpdate: \"true\",\n\t\t\tDelete: fmt.Sprintf(\" ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \\\"Name=tag:Name,Values=%v\\\" --query \\\"VpcEndpoints[0].VpcEndpointId\\\" --output text` \u0026\u0026\\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids %v --remove-security-group-ids %v\\n\", tags.Workaround1, tags.Workaround2, id),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinvokeJoin, err := std.Join(ctx, \u0026std.JoinArgs{\n\t\t\tSeparator: \",\",\n\t\t\tInput: exampleAwsVpcEndpoint.SecurityGroupIds,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleResource, err := null.NewResource(ctx, \"example\", \u0026null.ResourceArgs{\n\t\t\tTriggers: pulumi.StringMap{\n\t\t\t\t\"rerun_upon_change_of\": pulumi.String(invokeJoin.Result),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = local.NewCommand(ctx, \"exampleResourceProvisioner0\", \u0026local.CommandArgs{\n\t\t\tCreate: fmt.Sprintf(\" aws ec2 modify-vpc-endpoint --vpc-endpoint-id %v --remove-security-group-ids %v\\n\", exampleAwsVpcEndpoint.Id, _default.Id),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleResource,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetSecurityGroupArgs;\nimport com.pulumi.aws.ec2.SecurityGroup;\nimport com.pulumi.aws.ec2.SecurityGroupArgs;\nimport com.pulumi.command.local.Command;\nimport com.pulumi.command.local.CommandArgs;\nimport com.pulumi.null.Resource;\nimport com.pulumi.null.ResourceArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getSecurityGroup(GetSecurityGroupArgs.builder()\n .name(\"default\")\n .build());\n\n var example = new SecurityGroup(\"example\", SecurityGroupArgs.builder()\n .name(\"sg\")\n .tags(Map.ofEntries(\n Map.entry(\"workaround1\", \"tagged-name\"),\n Map.entry(\"workaround2\", default_.id())\n ))\n .build());\n\n var exampleProvisioner0 = new Command(\"exampleProvisioner0\", CommandArgs.builder()\n .create(\"true\")\n .update(\"true\")\n .delete(\"\"\"\n ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=%s\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${ENDPOINT_ID} --add-security-group-ids %s --remove-security-group-ids %s\n\", tags.workaround1(),tags.workaround2(),id))\n .build(), CustomResourceOptions.builder()\n .dependsOn(example)\n .build());\n\n var exampleResource = new Resource(\"exampleResource\", ResourceArgs.builder()\n .triggers(Map.of(\"rerun_upon_change_of\", StdFunctions.join(JoinArgs.builder()\n .separator(\",\")\n .input(exampleAwsVpcEndpoint.securityGroupIds())\n .build()).result()))\n .build());\n\n var exampleResourceProvisioner0 = new Command(\"exampleResourceProvisioner0\", CommandArgs.builder()\n .create(\"\"\"\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id %s --remove-security-group-ids %s\n\", exampleAwsVpcEndpoint.id(),default_.id()))\n .build(), CustomResourceOptions.builder()\n .dependsOn(exampleResource)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:ec2:SecurityGroup\n properties:\n name: sg\n tags:\n workaround1: tagged-name\n workaround2: ${default.id}\n exampleProvisioner0:\n type: command:local:Command\n properties:\n create: 'true'\n update: 'true'\n delete: |2\n ENDPOINT_ID=`aws ec2 describe-vpc-endpoints --filters \"Name=tag:Name,Values=${tags.workaround1}\" --query \"VpcEndpoints[0].VpcEndpointId\" --output text` \u0026\u0026\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id $${ENDPOINT_ID} --add-security-group-ids ${tags.workaround2} --remove-security-group-ids ${id}\n options:\n dependsOn:\n - ${example}\n exampleResource:\n type: null:Resource\n name: example\n properties:\n triggers:\n rerun_upon_change_of:\n fn::invoke:\n function: std:join\n arguments:\n separator: ','\n input: ${exampleAwsVpcEndpoint.securityGroupIds}\n return: result\n exampleResourceProvisioner0:\n type: command:local:Command\n properties:\n create: |2\n aws ec2 modify-vpc-endpoint --vpc-endpoint-id ${exampleAwsVpcEndpoint.id} --remove-security-group-ids ${default.id}\n options:\n dependsOn:\n - ${exampleResource}\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getSecurityGroup\n arguments:\n name: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Security Groups using the security group `id`. For example:\n\n```sh\n$ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8\n```\n", "properties": { "arn": { "type": "string", @@ -278534,7 +278534,7 @@ } }, "aws:glue/resourcePolicy:ResourcePolicy": { - "description": "Provides a Glue resource policy. Only one can exist per region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetPartition = aws.getPartition({});\nconst currentGetRegion = aws.getRegion({});\nconst glue-example-policy = Promise.all([currentGetPartition, currentGetRegion, current]).then(([currentGetPartition, currentGetRegion, current]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"glue:CreateTable\"],\n resources: [`arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:*`],\n principals: [{\n identifiers: [\"*\"],\n type: \"AWS\",\n }],\n }],\n}));\nconst example = new aws.glue.ResourcePolicy(\"example\", {policy: glue_example_policy.then(glue_example_policy =\u003e glue_example_policy.json)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_partition = aws.get_partition()\ncurrent_get_region = aws.get_region()\nglue_example_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\"glue:CreateTable\"],\n \"resources\": [f\"arn:{current_get_partition.partition}:glue:{current_get_region.name}:{current.account_id}:*\"],\n \"principals\": [{\n \"identifiers\": [\"*\"],\n \"type\": \"AWS\",\n }],\n}])\nexample = aws.glue.ResourcePolicy(\"example\", policy=glue_example_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetPartition = Aws.GetPartition.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var glue_example_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"glue:CreateTable\",\n },\n Resources = new[]\n {\n $\"arn:{currentGetPartition.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:glue:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"*\",\n },\n Type = \"AWS\",\n },\n },\n },\n },\n });\n\n var example = new Aws.Glue.ResourcePolicy(\"example\", new()\n {\n Policy = glue_example_policy.Apply(glue_example_policy =\u003e glue_example_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, \u0026aws.GetCallerIdentityArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetPartition, err := aws.GetPartition(ctx, \u0026aws.GetPartitionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, \u0026aws.GetRegionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tglue_example_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"glue:CreateTable\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:%v:glue:%v:%v:*\", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewResourcePolicy(ctx, \"example\", \u0026glue.ResourcePolicyArgs{\n\t\t\tPolicy: pulumi.String(glue_example_policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.glue.ResourcePolicy;\nimport com.pulumi.aws.glue.ResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetPartition = AwsFunctions.getPartition();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n final var glue-example-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"glue:CreateTable\")\n .resources(String.format(\"arn:%s:glue:%s:%s:*\", currentGetPartition.applyValue(getPartitionResult -\u003e getPartitionResult.partition()),currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"*\")\n .type(\"AWS\")\n .build())\n .build())\n .build());\n\n var example = new ResourcePolicy(\"example\", ResourcePolicyArgs.builder()\n .policy(glue_example_policy.json())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:ResourcePolicy\n properties:\n policy: ${[\"glue-example-policy\"].json}\nvariables:\n current:\n fn::invoke:\n function: aws:getCallerIdentity\n arguments: {}\n currentGetPartition:\n fn::invoke:\n function: aws:getPartition\n arguments: {}\n currentGetRegion:\n fn::invoke:\n function: aws:getRegion\n arguments: {}\n glue-example-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - actions:\n - glue:CreateTable\n resources:\n - arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:*\n principals:\n - identifiers:\n - '*'\n type: AWS\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Glue Resource Policy using the account ID. For example:\n\n```sh\n$ pulumi import aws:glue/resourcePolicy:ResourcePolicy Test 12356789012\n```\n", + "description": "Provides a Glue resource policy. Only one can exist per region.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetPartition = aws.getPartition({});\nconst currentGetRegion = aws.getRegion({});\nconst glue_example_policy = Promise.all([currentGetPartition, currentGetRegion, current]).then(([currentGetPartition, currentGetRegion, current]) =\u003e aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"glue:CreateTable\"],\n resources: [`arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:*`],\n principals: [{\n identifiers: [\"*\"],\n type: \"AWS\",\n }],\n }],\n}));\nconst example = new aws.glue.ResourcePolicy(\"example\", {policy: glue_example_policy.then(glue_example_policy =\u003e glue_example_policy.json)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_partition = aws.get_partition()\ncurrent_get_region = aws.get_region()\nglue_example_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\"glue:CreateTable\"],\n \"resources\": [f\"arn:{current_get_partition.partition}:glue:{current_get_region.name}:{current.account_id}:*\"],\n \"principals\": [{\n \"identifiers\": [\"*\"],\n \"type\": \"AWS\",\n }],\n}])\nexample = aws.glue.ResourcePolicy(\"example\", policy=glue_example_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetPartition = Aws.GetPartition.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var glue_example_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"glue:CreateTable\",\n },\n Resources = new[]\n {\n $\"arn:{currentGetPartition.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:glue:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"*\",\n },\n Type = \"AWS\",\n },\n },\n },\n },\n });\n\n var example = new Aws.Glue.ResourcePolicy(\"example\", new()\n {\n Policy = glue_example_policy.Apply(glue_example_policy =\u003e glue_example_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, \u0026aws.GetCallerIdentityArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetPartition, err := aws.GetPartition(ctx, \u0026aws.GetPartitionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, \u0026aws.GetRegionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tglue_example_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"glue:CreateTable\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"arn:%v:glue:%v:%v:*\", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewResourcePolicy(ctx, \"example\", \u0026glue.ResourcePolicyArgs{\n\t\t\tPolicy: pulumi.String(glue_example_policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.glue.ResourcePolicy;\nimport com.pulumi.aws.glue.ResourcePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetPartition = AwsFunctions.getPartition();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n final var glue-example-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"glue:CreateTable\")\n .resources(String.format(\"arn:%s:glue:%s:%s:*\", currentGetPartition.applyValue(getPartitionResult -\u003e getPartitionResult.partition()),currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"*\")\n .type(\"AWS\")\n .build())\n .build())\n .build());\n\n var example = new ResourcePolicy(\"example\", ResourcePolicyArgs.builder()\n .policy(glue_example_policy.json())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:glue:ResourcePolicy\n properties:\n policy: ${[\"glue-example-policy\"].json}\nvariables:\n current:\n fn::invoke:\n function: aws:getCallerIdentity\n arguments: {}\n currentGetPartition:\n fn::invoke:\n function: aws:getPartition\n arguments: {}\n currentGetRegion:\n fn::invoke:\n function: aws:getRegion\n arguments: {}\n glue-example-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - actions:\n - glue:CreateTable\n resources:\n - arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:*\n principals:\n - identifiers:\n - '*'\n type: AWS\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Glue Resource Policy using the account ID. For example:\n\n```sh\n$ pulumi import aws:glue/resourcePolicy:ResourcePolicy Test 12356789012\n```\n", "properties": { "enableHybrid": { "type": "string", @@ -292240,7 +292240,7 @@ } }, "aws:kinesis/firehoseDeliveryStream:FirehoseDeliveryStream": { - "description": "Provides a Kinesis Firehose Delivery Stream resource. Amazon Kinesis Firehose is a fully managed, elastic service to easily deliver real-time data streams to destinations such as Amazon S3 , Amazon Redshift and Snowflake.\n\nFor more details, see the [Amazon Kinesis Firehose Documentation](https://aws.amazon.com/documentation/firehose/).\n\n## Example Usage\n\n### Extended S3 Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"tf-test-bucket\"});\nconst firehoseAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst firehoseRole = new aws.iam.Role(\"firehose_role\", {\n name: \"firehose_test_role\",\n assumeRolePolicy: firehoseAssumeRole.then(firehoseAssumeRole =\u003e firehoseAssumeRole.json),\n});\nconst lambdaAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst lambdaIam = new aws.iam.Role(\"lambda_iam\", {\n name: \"lambda_iam\",\n assumeRolePolicy: lambdaAssumeRole.then(lambdaAssumeRole =\u003e lambdaAssumeRole.json),\n});\nconst lambdaProcessor = new aws.lambda.Function(\"lambda_processor\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n name: \"firehose_lambda_processor\",\n role: lambdaIam.arn,\n handler: \"exports.handler\",\n runtime: aws.lambda.Runtime.NodeJS20dX,\n});\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: pulumi.interpolate`${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\nconst bucketAcl = new aws.s3.BucketAclV2(\"bucket_acl\", {\n bucket: bucket.id,\n acl: \"private\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"tf-test-bucket\")\nfirehose_assume_role = aws.iam.get_policy_document(statements=[{\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"firehose.amazonaws.com\"],\n }],\n \"actions\": [\"sts:AssumeRole\"],\n}])\nfirehose_role = aws.iam.Role(\"firehose_role\",\n name=\"firehose_test_role\",\n assume_role_policy=firehose_assume_role.json)\nlambda_assume_role = aws.iam.get_policy_document(statements=[{\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"lambda.amazonaws.com\"],\n }],\n \"actions\": [\"sts:AssumeRole\"],\n}])\nlambda_iam = aws.iam.Role(\"lambda_iam\",\n name=\"lambda_iam\",\n assume_role_policy=lambda_assume_role.json)\nlambda_processor = aws.lambda_.Function(\"lambda_processor\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n name=\"firehose_lambda_processor\",\n role=lambda_iam.arn,\n handler=\"exports.handler\",\n runtime=aws.lambda_.Runtime.NODE_JS20D_X)\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration={\n \"role_arn\": firehose_role.arn,\n \"bucket_arn\": bucket.arn,\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"Lambda\",\n \"parameters\": [{\n \"parameter_name\": \"LambdaArn\",\n \"parameter_value\": lambda_processor.arn.apply(lambda arn: f\"{arn}:$LATEST\"),\n }],\n }],\n },\n })\nbucket_acl = aws.s3.BucketAclV2(\"bucket_acl\",\n bucket=bucket.id,\n acl=\"private\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"tf-test-bucket\",\n });\n\n var firehoseAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var firehoseRole = new Aws.Iam.Role(\"firehose_role\", new()\n {\n Name = \"firehose_test_role\",\n AssumeRolePolicy = firehoseAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var lambdaIam = new Aws.Iam.Role(\"lambda_iam\", new()\n {\n Name = \"lambda_iam\",\n AssumeRolePolicy = lambdaAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaProcessor = new Aws.Lambda.Function(\"lambda_processor\", new()\n {\n Code = new FileArchive(\"lambda.zip\"),\n Name = \"firehose_lambda_processor\",\n Role = lambdaIam.Arn,\n Handler = \"exports.handler\",\n Runtime = Aws.Lambda.Runtime.NodeJS20dX,\n });\n\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = lambdaProcessor.Arn.Apply(arn =\u003e $\"{arn}:$LATEST\"),\n },\n },\n },\n },\n },\n },\n });\n\n var bucketAcl = new Aws.S3.BucketAclV2(\"bucket_acl\", new()\n {\n Bucket = bucket.Id,\n Acl = \"private\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"firehose.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseRole, err := iam.NewRole(ctx, \"firehose_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"firehose_test_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(firehoseAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaIam, err := iam.NewRole(ctx, \"lambda_iam\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"lambda_iam\"),\n\t\t\tAssumeRolePolicy: pulumi.String(lambdaAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaProcessor, err := lambda.NewFunction(ctx, \"lambda_processor\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda.zip\"),\n\t\t\tName: pulumi.String(\"firehose_lambda_processor\"),\n\t\t\tRole: lambdaIam.Arn,\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimeNodeJS20dX),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseRole.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: lambdaProcessor.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:$LATEST\", arn), nil\n\t\t\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: bucket.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder()\n .bucket(\"tf-test-bucket\")\n .build());\n\n final var firehoseAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var firehoseRole = new Role(\"firehoseRole\", RoleArgs.builder()\n .name(\"firehose_test_role\")\n .assumeRolePolicy(firehoseAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambdaAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var lambdaIam = new Role(\"lambdaIam\", RoleArgs.builder()\n .name(\"lambda_iam\")\n .assumeRolePolicy(lambdaAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambdaProcessor = new Function(\"lambdaProcessor\", FunctionArgs.builder()\n .code(new FileArchive(\"lambda.zip\"))\n .name(\"firehose_lambda_processor\")\n .role(lambdaIam.arn())\n .handler(\"exports.handler\")\n .runtime(\"nodejs20.x\")\n .build());\n\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(lambdaProcessor.arn().applyValue(arn -\u003e String.format(\"%s:$LATEST\", arn)))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var bucketAcl = new BucketAclV2(\"bucketAcl\", BucketAclV2Args.builder()\n .bucket(bucket.id())\n .acl(\"private\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket\n bucketAcl:\n type: aws:s3:BucketAclV2\n name: bucket_acl\n properties:\n bucket: ${bucket.id}\n acl: private\n firehoseRole:\n type: aws:iam:Role\n name: firehose_role\n properties:\n name: firehose_test_role\n assumeRolePolicy: ${firehoseAssumeRole.json}\n lambdaIam:\n type: aws:iam:Role\n name: lambda_iam\n properties:\n name: lambda_iam\n assumeRolePolicy: ${lambdaAssumeRole.json}\n lambdaProcessor:\n type: aws:lambda:Function\n name: lambda_processor\n properties:\n code:\n fn::FileArchive: lambda.zip\n name: firehose_lambda_processor\n role: ${lambdaIam.arn}\n handler: exports.handler\n runtime: nodejs20.x\nvariables:\n firehoseAssumeRole:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\n lambdaAssumeRole:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Extended S3 Destination with dynamic partitioning\n\nThese examples use built-in Firehose functionality, rather than requiring a lambda.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 64,\n dynamicPartitioningConfiguration: {\n enabled: true,\n },\n prefix: \"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n errorOutputPrefix: \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processingConfiguration: {\n enabled: true,\n processors: [\n {\n type: \"RecordDeAggregation\",\n parameters: [{\n parameterName: \"SubRecordType\",\n parameterValue: \"JSON\",\n }],\n },\n {\n type: \"AppendDelimiterToRecord\",\n },\n {\n type: \"MetadataExtraction\",\n parameters: [\n {\n parameterName: \"JsonParsingEngine\",\n parameterValue: \"JQ-1.6\",\n },\n {\n parameterName: \"MetadataExtractionQuery\",\n parameterValue: \"{customer_id:.customer_id}\",\n },\n ],\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration={\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 64,\n \"dynamic_partitioning_configuration\": {\n \"enabled\": True,\n },\n \"prefix\": \"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n \"error_output_prefix\": \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [\n {\n \"type\": \"RecordDeAggregation\",\n \"parameters\": [{\n \"parameter_name\": \"SubRecordType\",\n \"parameter_value\": \"JSON\",\n }],\n },\n {\n \"type\": \"AppendDelimiterToRecord\",\n },\n {\n \"type\": \"MetadataExtraction\",\n \"parameters\": [\n {\n \"parameter_name\": \"JsonParsingEngine\",\n \"parameter_value\": \"JQ-1.6\",\n },\n {\n \"parameter_name\": \"MetadataExtractionQuery\",\n \"parameter_value\": \"{customer_id:.customer_id}\",\n },\n ],\n },\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 64,\n DynamicPartitioningConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs\n {\n Enabled = true,\n },\n Prefix = \"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n ErrorOutputPrefix = \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"RecordDeAggregation\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"SubRecordType\",\n ParameterValue = \"JSON\",\n },\n },\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"AppendDelimiterToRecord\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"MetadataExtraction\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"JsonParsingEngine\",\n ParameterValue = \"JQ-1.6\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"MetadataExtractionQuery\",\n ParameterValue = \"{customer_id:.customer_id}\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\tBufferingSize: pulumi.Int(64),\n\t\t\t\tDynamicPartitioningConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tPrefix: pulumi.String(\"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\"),\n\t\t\t\tErrorOutputPrefix: pulumi.String(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\"),\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"RecordDeAggregation\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"SubRecordType\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JSON\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AppendDelimiterToRecord\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"MetadataExtraction\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"JsonParsingEngine\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JQ-1.6\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"MetadataExtractionQuery\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"{customer_id:.customer_id}\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(64)\n .dynamicPartitioningConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs.builder()\n .enabled(\"true\")\n .build())\n .prefix(\"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\")\n .errorOutputPrefix(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\")\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"RecordDeAggregation\")\n .parameters(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"SubRecordType\")\n .parameterValue(\"JSON\")\n .build())\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"AppendDelimiterToRecord\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"MetadataExtraction\")\n .parameters( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"JsonParsingEngine\")\n .parameterValue(\"JQ-1.6\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"MetadataExtractionQuery\")\n .parameterValue(\"{customer_id:.customer_id}\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 64\n dynamicPartitioningConfiguration:\n enabled: 'true'\n prefix: data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\n errorOutputPrefix: errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: RecordDeAggregation\n parameters:\n - parameterName: SubRecordType\n parameterValue: JSON\n - type: AppendDelimiterToRecord\n - type: MetadataExtraction\n parameters:\n - parameterName: JsonParsingEngine\n parameterValue: JQ-1.6\n - parameterName: MetadataExtractionQuery\n parameterValue: '{customer_id:.customer_id}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nMultiple Dynamic Partitioning Keys (maximum of 50) can be added by comma separating the `parameter_value`.\n\nThe following example adds the Dynamic Partitioning Keys: `store_id` and `customer_id` to the S3 prefix.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 64,\n dynamicPartitioningConfiguration: {\n enabled: true,\n },\n prefix: \"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n errorOutputPrefix: \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"MetadataExtraction\",\n parameters: [\n {\n parameterName: \"JsonParsingEngine\",\n parameterValue: \"JQ-1.6\",\n },\n {\n parameterName: \"MetadataExtractionQuery\",\n parameterValue: \"{store_id:.store_id,customer_id:.customer_id}\",\n },\n ],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration={\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 64,\n \"dynamic_partitioning_configuration\": {\n \"enabled\": True,\n },\n \"prefix\": \"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n \"error_output_prefix\": \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"MetadataExtraction\",\n \"parameters\": [\n {\n \"parameter_name\": \"JsonParsingEngine\",\n \"parameter_value\": \"JQ-1.6\",\n },\n {\n \"parameter_name\": \"MetadataExtractionQuery\",\n \"parameter_value\": \"{store_id:.store_id,customer_id:.customer_id}\",\n },\n ],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 64,\n DynamicPartitioningConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs\n {\n Enabled = true,\n },\n Prefix = \"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n ErrorOutputPrefix = \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"MetadataExtraction\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"JsonParsingEngine\",\n ParameterValue = \"JQ-1.6\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"MetadataExtractionQuery\",\n ParameterValue = \"{store_id:.store_id,customer_id:.customer_id}\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\tBufferingSize: pulumi.Int(64),\n\t\t\t\tDynamicPartitioningConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tPrefix: pulumi.String(\"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\"),\n\t\t\t\tErrorOutputPrefix: pulumi.String(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\"),\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"MetadataExtraction\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"JsonParsingEngine\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JQ-1.6\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"MetadataExtractionQuery\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"{store_id:.store_id,customer_id:.customer_id}\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(64)\n .dynamicPartitioningConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs.builder()\n .enabled(\"true\")\n .build())\n .prefix(\"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\")\n .errorOutputPrefix(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\")\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"MetadataExtraction\")\n .parameters( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"JsonParsingEngine\")\n .parameterValue(\"JQ-1.6\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"MetadataExtractionQuery\")\n .parameterValue(\"{store_id:.store_id,customer_id:.customer_id}\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 64\n dynamicPartitioningConfiguration:\n enabled: 'true'\n prefix: data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\n errorOutputPrefix: errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: MetadataExtraction\n parameters:\n - parameterName: JsonParsingEngine\n parameterValue: JQ-1.6\n - parameterName: MetadataExtractionQuery\n parameterValue: '{store_id:.store_id,customer_id:.customer_id}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Redshift Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.redshift.Cluster(\"test_cluster\", {\n clusterIdentifier: \"tf-redshift-cluster\",\n databaseName: \"test\",\n masterUsername: \"testuser\",\n masterPassword: \"T3stPass\",\n nodeType: \"dc1.large\",\n clusterType: \"single-node\",\n});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"redshift\",\n redshiftConfiguration: {\n roleArn: firehoseRole.arn,\n clusterJdbcurl: pulumi.interpolate`jdbc:redshift://${testCluster.endpoint}/${testCluster.databaseName}`,\n username: \"testuser\",\n password: \"T3stPass\",\n dataTableName: \"test-table\",\n copyOptions: \"delimiter '|'\",\n dataTableColumns: \"test-col\",\n s3BackupMode: \"Enabled\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n s3BackupConfiguration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 15,\n bufferingInterval: 300,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.redshift.Cluster(\"test_cluster\",\n cluster_identifier=\"tf-redshift-cluster\",\n database_name=\"test\",\n master_username=\"testuser\",\n master_password=\"T3stPass\",\n node_type=\"dc1.large\",\n cluster_type=\"single-node\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"redshift\",\n redshift_configuration={\n \"role_arn\": firehose_role[\"arn\"],\n \"cluster_jdbcurl\": pulumi.Output.all(\n endpoint=test_cluster.endpoint,\n database_name=test_cluster.database_name\n).apply(lambda resolved_outputs: f\"jdbc:redshift://{resolved_outputs['endpoint']}/{resolved_outputs['database_name']}\")\n,\n \"username\": \"testuser\",\n \"password\": \"T3stPass\",\n \"data_table_name\": \"test-table\",\n \"copy_options\": \"delimiter '|'\",\n \"data_table_columns\": \"test-col\",\n \"s3_backup_mode\": \"Enabled\",\n \"s3_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n \"s3_backup_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 15,\n \"buffering_interval\": 300,\n \"compression_format\": \"GZIP\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.RedShift.Cluster(\"test_cluster\", new()\n {\n ClusterIdentifier = \"tf-redshift-cluster\",\n DatabaseName = \"test\",\n MasterUsername = \"testuser\",\n MasterPassword = \"T3stPass\",\n NodeType = \"dc1.large\",\n ClusterType = \"single-node\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"redshift\",\n RedshiftConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n ClusterJdbcurl = Output.Tuple(testCluster.Endpoint, testCluster.DatabaseName).Apply(values =\u003e\n {\n var endpoint = values.Item1;\n var databaseName = values.Item2;\n return $\"jdbc:redshift://{endpoint}/{databaseName}\";\n }),\n Username = \"testuser\",\n Password = \"T3stPass\",\n DataTableName = \"test-table\",\n CopyOptions = \"delimiter '|'\",\n DataTableColumns = \"test-col\",\n S3BackupMode = \"Enabled\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n S3BackupConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 15,\n BufferingInterval = 300,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := redshift.NewCluster(ctx, \"test_cluster\", \u0026redshift.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift-cluster\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tMasterUsername: pulumi.String(\"testuser\"),\n\t\t\tMasterPassword: pulumi.String(\"T3stPass\"),\n\t\t\tNodeType: pulumi.String(\"dc1.large\"),\n\t\t\tClusterType: pulumi.String(\"single-node\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"redshift\"),\n\t\t\tRedshiftConfiguration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tClusterJdbcurl: pulumi.All(testCluster.Endpoint, testCluster.DatabaseName).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tendpoint := _args[0].(string)\n\t\t\t\t\tdatabaseName := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"jdbc:redshift://%v/%v\", endpoint, databaseName), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tUsername: pulumi.String(\"testuser\"),\n\t\t\t\tPassword: pulumi.String(\"T3stPass\"),\n\t\t\t\tDataTableName: pulumi.String(\"test-table\"),\n\t\t\t\tCopyOptions: pulumi.String(\"delimiter '|'\"),\n\t\t\t\tDataTableColumns: pulumi.String(\"test-col\"),\n\t\t\t\tS3BackupMode: pulumi.String(\"Enabled\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tS3BackupConfiguration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\t\tBufferingInterval: pulumi.Int(300),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.redshift.Cluster;\nimport com.pulumi.aws.redshift.ClusterArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Cluster(\"testCluster\", ClusterArgs.builder()\n .clusterIdentifier(\"tf-redshift-cluster\")\n .databaseName(\"test\")\n .masterUsername(\"testuser\")\n .masterPassword(\"T3stPass\")\n .nodeType(\"dc1.large\")\n .clusterType(\"single-node\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"redshift\")\n .redshiftConfiguration(FirehoseDeliveryStreamRedshiftConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .clusterJdbcurl(Output.tuple(testCluster.endpoint(), testCluster.databaseName()).applyValue(values -\u003e {\n var endpoint = values.t1;\n var databaseName = values.t2;\n return String.format(\"jdbc:redshift://%s/%s\", endpoint,databaseName);\n }))\n .username(\"testuser\")\n .password(\"T3stPass\")\n .dataTableName(\"test-table\")\n .copyOptions(\"delimiter '|'\")\n .dataTableColumns(\"test-col\")\n .s3BackupMode(\"Enabled\")\n .s3Configuration(FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .s3BackupConfiguration(FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(15)\n .bufferingInterval(300)\n .compressionFormat(\"GZIP\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:redshift:Cluster\n name: test_cluster\n properties:\n clusterIdentifier: tf-redshift-cluster\n databaseName: test\n masterUsername: testuser\n masterPassword: T3stPass\n nodeType: dc1.large\n clusterType: single-node\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: redshift\n redshiftConfiguration:\n roleArn: ${firehoseRole.arn}\n clusterJdbcurl: jdbc:redshift://${testCluster.endpoint}/${testCluster.databaseName}\n username: testuser\n password: T3stPass\n dataTableName: test-table\n copyOptions: delimiter '|'\n dataTableColumns: test-col\n s3BackupMode: Enabled\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n s3BackupConfiguration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 15\n bufferingInterval: 300\n compressionFormat: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Elasticsearch Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.elasticsearch.Domain(\"test_cluster\", {domainName: \"firehose-es-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"elasticsearch\",\n elasticsearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n typeName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.elasticsearch.Domain(\"test_cluster\", domain_name=\"firehose-es-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"elasticsearch\",\n elasticsearch_configuration={\n \"domain_arn\": test_cluster.arn,\n \"role_arn\": firehose_role[\"arn\"],\n \"index_name\": \"test\",\n \"type_name\": \"test\",\n \"s3_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"Lambda\",\n \"parameters\": [{\n \"parameter_name\": \"LambdaArn\",\n \"parameter_value\": f\"{lambda_processor['arn']}:$LATEST\",\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.ElasticSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"firehose-es-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"elasticsearch\",\n ElasticsearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n TypeName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := elasticsearch.NewDomain(ctx, \"test_cluster\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"firehose-es-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"elasticsearch\"),\n\t\t\tElasticsearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tTypeName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder()\n .domainName(\"firehose-es-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"elasticsearch\")\n .elasticsearchConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .typeName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:elasticsearch:Domain\n name: test_cluster\n properties:\n domainName: firehose-es-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: elasticsearch\n elasticsearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehoseRole.arn}\n indexName: test\n typeName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Elasticsearch Destination With VPC\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.elasticsearch.Domain(\"test_cluster\", {\n domainName: \"es-test\",\n clusterConfig: {\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n instanceType: \"t2.small.elasticsearch\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n vpcOptions: {\n securityGroupIds: [first.id],\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n },\n});\nconst firehose-elasticsearch = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"es:*\"],\n resources: [\n testCluster.arn,\n pulumi.interpolate`${testCluster.arn}/*`,\n ],\n },\n {\n effect: \"Allow\",\n actions: [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n ],\n resources: [\"*\"],\n },\n ],\n});\nconst firehose_elasticsearchRolePolicy = new aws.iam.RolePolicy(\"firehose-elasticsearch\", {\n name: \"elasticsearch\",\n role: firehose.id,\n policy: firehose_elasticsearch.apply(firehose_elasticsearch =\u003e firehose_elasticsearch.json),\n});\nconst test = new aws.kinesis.FirehoseDeliveryStream(\"test\", {\n name: \"kinesis-firehose-es\",\n destination: \"elasticsearch\",\n elasticsearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehose.arn,\n indexName: \"test\",\n typeName: \"test\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n },\n vpcConfig: {\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n securityGroupIds: [first.id],\n roleArn: firehose.arn,\n },\n },\n}, {\n dependsOn: [firehose_elasticsearchRolePolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.elasticsearch.Domain(\"test_cluster\",\n domain_name=\"es-test\",\n cluster_config={\n \"instance_count\": 2,\n \"zone_awareness_enabled\": True,\n \"instance_type\": \"t2.small.elasticsearch\",\n },\n ebs_options={\n \"ebs_enabled\": True,\n \"volume_size\": 10,\n },\n vpc_options={\n \"security_group_ids\": [first[\"id\"]],\n \"subnet_ids\": [\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n })\nfirehose_elasticsearch = aws.iam.get_policy_document_output(statements=[\n {\n \"effect\": \"Allow\",\n \"actions\": [\"es:*\"],\n \"resources\": [\n test_cluster.arn,\n test_cluster.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n },\n {\n \"effect\": \"Allow\",\n \"actions\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n ],\n \"resources\": [\"*\"],\n },\n])\nfirehose_elasticsearch_role_policy = aws.iam.RolePolicy(\"firehose-elasticsearch\",\n name=\"elasticsearch\",\n role=firehose[\"id\"],\n policy=firehose_elasticsearch.json)\ntest = aws.kinesis.FirehoseDeliveryStream(\"test\",\n name=\"kinesis-firehose-es\",\n destination=\"elasticsearch\",\n elasticsearch_configuration={\n \"domain_arn\": test_cluster.arn,\n \"role_arn\": firehose[\"arn\"],\n \"index_name\": \"test\",\n \"type_name\": \"test\",\n \"s3_configuration\": {\n \"role_arn\": firehose[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n },\n \"vpc_config\": {\n \"subnet_ids\": [\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n \"security_group_ids\": [first[\"id\"]],\n \"role_arn\": firehose[\"arn\"],\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[firehose_elasticsearch_role_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.ElasticSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"es-test\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceCount = 2,\n ZoneAwarenessEnabled = true,\n InstanceType = \"t2.small.elasticsearch\",\n },\n EbsOptions = new Aws.ElasticSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n },\n });\n\n var firehose_elasticsearch = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n testCluster.Arn,\n $\"{testCluster.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var firehose_elasticsearchRolePolicy = new Aws.Iam.RolePolicy(\"firehose-elasticsearch\", new()\n {\n Name = \"elasticsearch\",\n Role = firehose.Id,\n Policy = firehose_elasticsearch.Apply(firehose_elasticsearch =\u003e firehose_elasticsearch.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var test = new Aws.Kinesis.FirehoseDeliveryStream(\"test\", new()\n {\n Name = \"kinesis-firehose-es\",\n Destination = \"elasticsearch\",\n ElasticsearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehose.Arn,\n IndexName = \"test\",\n TypeName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n },\n VpcConfig = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs\n {\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n RoleArn = firehose.Arn,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firehose_elasticsearchRolePolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := elasticsearch.NewDomain(ctx, \"test_cluster\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"es-test\"),\n\t\t\tClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceCount: pulumi.Int(2),\n\t\t\t\tZoneAwarenessEnabled: pulumi.Bool(true),\n\t\t\t\tInstanceType: pulumi.String(\"t2.small.elasticsearch\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026elasticsearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tVpcOptions: \u0026elasticsearch.DomainVpcOptionsArgs{\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tfirst.Id,\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\tsecond.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehose_elasticsearch := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"es:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\ttestCluster.Arn,\n\t\t\t\t\t\ttestCluster.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeVpcs\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeVpcAttribute\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeSubnets\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeSecurityGroups\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeNetworkInterfaces\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:CreateNetworkInterface\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:CreateNetworkInterfacePermission\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DeleteNetworkInterface\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose-elasticsearch\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"elasticsearch\"),\n\t\t\tRole: pulumi.Any(firehose.Id),\n\t\t\tPolicy: pulumi.String(firehose_elasticsearch.ApplyT(func(firehose_elasticsearch iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026firehose_elasticsearch.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-es\"),\n\t\t\tDestination: pulumi.String(\"elasticsearch\"),\n\t\t\tElasticsearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tTypeName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t},\n\t\t\t\tVpcConfig: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs{\n\t\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\t\tsecond.Id,\n\t\t\t\t\t},\n\t\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\t\tfirst.Id,\n\t\t\t\t\t},\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirehose_elasticsearchRolePolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder()\n .domainName(\"es-test\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceCount(2)\n .zoneAwarenessEnabled(true)\n .instanceType(\"t2.small.elasticsearch\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .securityGroupIds(first.id())\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .build())\n .build());\n\n final var firehose-elasticsearch = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"es:*\")\n .resources( \n testCluster.arn(),\n testCluster.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\")\n .resources(\"*\")\n .build())\n .build());\n\n var firehose_elasticsearchRolePolicy = new RolePolicy(\"firehose-elasticsearchRolePolicy\", RolePolicyArgs.builder()\n .name(\"elasticsearch\")\n .role(firehose.id())\n .policy(firehose_elasticsearch.applyValue(firehose_elasticsearch -\u003e firehose_elasticsearch.json()))\n .build());\n\n var test = new FirehoseDeliveryStream(\"test\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-es\")\n .destination(\"elasticsearch\")\n .elasticsearchConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehose.arn())\n .indexName(\"test\")\n .typeName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .build())\n .vpcConfig(FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs.builder()\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .securityGroupIds(first.id())\n .roleArn(firehose.arn())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(firehose_elasticsearchRolePolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:elasticsearch:Domain\n name: test_cluster\n properties:\n domainName: es-test\n clusterConfig:\n instanceCount: 2\n zoneAwarenessEnabled: true\n instanceType: t2.small.elasticsearch\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n vpcOptions:\n securityGroupIds:\n - ${first.id}\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n firehose-elasticsearchRolePolicy:\n type: aws:iam:RolePolicy\n name: firehose-elasticsearch\n properties:\n name: elasticsearch\n role: ${firehose.id}\n policy: ${[\"firehose-elasticsearch\"].json}\n test:\n type: aws:kinesis:FirehoseDeliveryStream\n properties:\n name: kinesis-firehose-es\n destination: elasticsearch\n elasticsearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehose.arn}\n indexName: test\n typeName: test\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n vpcConfig:\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n securityGroupIds:\n - ${first.id}\n roleArn: ${firehose.arn}\n options:\n dependsOn:\n - ${[\"firehose-elasticsearchRolePolicy\"]}\nvariables:\n firehose-elasticsearch:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - effect: Allow\n actions:\n - es:*\n resources:\n - ${testCluster.arn}\n - ${testCluster.arn}/*\n - effect: Allow\n actions:\n - ec2:DescribeVpcs\n - ec2:DescribeVpcAttribute\n - ec2:DescribeSubnets\n - ec2:DescribeSecurityGroups\n - ec2:DescribeNetworkInterfaces\n - ec2:CreateNetworkInterface\n - ec2:CreateNetworkInterfacePermission\n - ec2:DeleteNetworkInterface\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.opensearch.Domain(\"test_cluster\", {domainName: \"firehose-os-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"opensearch\",\n opensearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.opensearch.Domain(\"test_cluster\", domain_name=\"firehose-os-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"opensearch\",\n opensearch_configuration={\n \"domain_arn\": test_cluster.arn,\n \"role_arn\": firehose_role[\"arn\"],\n \"index_name\": \"test\",\n \"s3_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"Lambda\",\n \"parameters\": [{\n \"parameter_name\": \"LambdaArn\",\n \"parameter_value\": f\"{lambda_processor['arn']}:$LATEST\",\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.OpenSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"firehose-os-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"opensearch\",\n OpensearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := opensearch.NewDomain(ctx, \"test_cluster\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"firehose-os-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"opensearch\"),\n\t\t\tOpensearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder()\n .domainName(\"firehose-os-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"opensearch\")\n .opensearchConfiguration(FirehoseDeliveryStreamOpensearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:opensearch:Domain\n name: test_cluster\n properties:\n domainName: firehose-os-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: opensearch\n opensearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehoseRole.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Destination With VPC\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.opensearch.Domain(\"test_cluster\", {\n domainName: \"es-test\",\n clusterConfig: {\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n instanceType: \"m4.large.search\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n vpcOptions: {\n securityGroupIds: [first.id],\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n },\n});\nconst firehose_opensearch = new aws.iam.RolePolicy(\"firehose-opensearch\", {\n name: \"opensearch\",\n role: firehose.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"${testCluster.arn}\",\n \"${testCluster.arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n`,\n});\nconst test = new aws.kinesis.FirehoseDeliveryStream(\"test\", {\n name: \"pulumi-kinesis-firehose-os\",\n destination: \"opensearch\",\n opensearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehose.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n },\n vpcConfig: {\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n securityGroupIds: [first.id],\n roleArn: firehose.arn,\n },\n },\n}, {\n dependsOn: [firehose_opensearch],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.opensearch.Domain(\"test_cluster\",\n domain_name=\"es-test\",\n cluster_config={\n \"instance_count\": 2,\n \"zone_awareness_enabled\": True,\n \"instance_type\": \"m4.large.search\",\n },\n ebs_options={\n \"ebs_enabled\": True,\n \"volume_size\": 10,\n },\n vpc_options={\n \"security_group_ids\": [first[\"id\"]],\n \"subnet_ids\": [\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n })\nfirehose_opensearch = aws.iam.RolePolicy(\"firehose-opensearch\",\n name=\"opensearch\",\n role=firehose[\"id\"],\n policy=pulumi.Output.all(\n testClusterArn=test_cluster.arn,\n testClusterArn1=test_cluster.arn\n).apply(lambda resolved_outputs: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"{resolved_outputs['testClusterArn']}\",\n \"{resolved_outputs['testClusterArn1']}/*\"\n ]\n }},\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }}\n ]\n}}\n\"\"\")\n)\ntest = aws.kinesis.FirehoseDeliveryStream(\"test\",\n name=\"pulumi-kinesis-firehose-os\",\n destination=\"opensearch\",\n opensearch_configuration={\n \"domain_arn\": test_cluster.arn,\n \"role_arn\": firehose[\"arn\"],\n \"index_name\": \"test\",\n \"s3_configuration\": {\n \"role_arn\": firehose[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n },\n \"vpc_config\": {\n \"subnet_ids\": [\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n \"security_group_ids\": [first[\"id\"]],\n \"role_arn\": firehose[\"arn\"],\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[firehose_opensearch]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.OpenSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"es-test\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceCount = 2,\n ZoneAwarenessEnabled = true,\n InstanceType = \"m4.large.search\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs\n {\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n },\n });\n\n var firehose_opensearch = new Aws.Iam.RolePolicy(\"firehose-opensearch\", new()\n {\n Name = \"opensearch\",\n Role = firehose.Id,\n Policy = Output.Tuple(testCluster.Arn, testCluster.Arn).Apply(values =\u003e\n {\n var testClusterArn = values.Item1;\n var testClusterArn1 = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"es:*\"\"\n ],\n \"\"Resource\"\": [\n \"\"{testClusterArn}\"\",\n \"\"{testClusterArn1}/*\"\"\n ]\n }},\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:DescribeVpcs\"\",\n \"\"ec2:DescribeVpcAttribute\"\",\n \"\"ec2:DescribeSubnets\"\",\n \"\"ec2:DescribeSecurityGroups\"\",\n \"\"ec2:DescribeNetworkInterfaces\"\",\n \"\"ec2:CreateNetworkInterface\"\",\n \"\"ec2:CreateNetworkInterfacePermission\"\",\n \"\"ec2:DeleteNetworkInterface\"\"\n ],\n \"\"Resource\"\": [\n \"\"*\"\"\n ]\n }}\n ]\n}}\n\";\n }),\n });\n\n var test = new Aws.Kinesis.FirehoseDeliveryStream(\"test\", new()\n {\n Name = \"pulumi-kinesis-firehose-os\",\n Destination = \"opensearch\",\n OpensearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehose.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n },\n VpcConfig = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs\n {\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n RoleArn = firehose.Arn,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firehose_opensearch,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := opensearch.NewDomain(ctx, \"test_cluster\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"es-test\"),\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceCount: pulumi.Int(2),\n\t\t\t\tZoneAwarenessEnabled: pulumi.Bool(true),\n\t\t\t\tInstanceType: pulumi.String(\"m4.large.search\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tVpcOptions: \u0026opensearch.DomainVpcOptionsArgs{\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tfirst.Id,\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\tsecond.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose-opensearch\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"opensearch\"),\n\t\t\tRole: pulumi.Any(firehose.Id),\n\t\t\tPolicy: pulumi.All(testCluster.Arn, testCluster.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\ttestClusterArn := _args[0].(string)\n\t\t\t\ttestClusterArn1 := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"%v\",\n \"%v/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n`, testClusterArn, testClusterArn1), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"pulumi-kinesis-firehose-os\"),\n\t\t\tDestination: pulumi.String(\"opensearch\"),\n\t\t\tOpensearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t},\n\t\t\t\tVpcConfig: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs{\n\t\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\t\tsecond.Id,\n\t\t\t\t\t},\n\t\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\t\tfirst.Id,\n\t\t\t\t\t},\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirehose_opensearch,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder()\n .domainName(\"es-test\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceCount(2)\n .zoneAwarenessEnabled(true)\n .instanceType(\"m4.large.search\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .securityGroupIds(first.id())\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .build())\n .build());\n\n var firehose_opensearch = new RolePolicy(\"firehose-opensearch\", RolePolicyArgs.builder()\n .name(\"opensearch\")\n .role(firehose.id())\n .policy(Output.tuple(testCluster.arn(), testCluster.arn()).applyValue(values -\u003e {\n var testClusterArn = values.t1;\n var testClusterArn1 = values.t2;\n return \"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"%s\",\n \"%s/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n\", testClusterArn,testClusterArn1);\n }))\n .build());\n\n var test = new FirehoseDeliveryStream(\"test\", FirehoseDeliveryStreamArgs.builder()\n .name(\"pulumi-kinesis-firehose-os\")\n .destination(\"opensearch\")\n .opensearchConfiguration(FirehoseDeliveryStreamOpensearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehose.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .build())\n .vpcConfig(FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs.builder()\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .securityGroupIds(first.id())\n .roleArn(firehose.arn())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(firehose_opensearch)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:opensearch:Domain\n name: test_cluster\n properties:\n domainName: es-test\n clusterConfig:\n instanceCount: 2\n zoneAwarenessEnabled: true\n instanceType: m4.large.search\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n vpcOptions:\n securityGroupIds:\n - ${first.id}\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n firehose-opensearch:\n type: aws:iam:RolePolicy\n properties:\n name: opensearch\n role: ${firehose.id}\n policy: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"${testCluster.arn}\",\n \"${testCluster.arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n }\n test:\n type: aws:kinesis:FirehoseDeliveryStream\n properties:\n name: pulumi-kinesis-firehose-os\n destination: opensearch\n opensearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehose.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n vpcConfig:\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n securityGroupIds:\n - ${first.id}\n roleArn: ${firehose.arn}\n options:\n dependsOn:\n - ${[\"firehose-opensearch\"]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Serverless Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCollection = new aws.opensearch.ServerlessCollection(\"test_collection\", {name: \"firehose-osserverless-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"opensearchserverless\",\n opensearchserverlessConfiguration: {\n collectionEndpoint: testCollection.collectionEndpoint,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_collection = aws.opensearch.ServerlessCollection(\"test_collection\", name=\"firehose-osserverless-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"opensearchserverless\",\n opensearchserverless_configuration={\n \"collection_endpoint\": test_collection.collection_endpoint,\n \"role_arn\": firehose_role[\"arn\"],\n \"index_name\": \"test\",\n \"s3_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"Lambda\",\n \"parameters\": [{\n \"parameter_name\": \"LambdaArn\",\n \"parameter_value\": f\"{lambda_processor['arn']}:$LATEST\",\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCollection = new Aws.OpenSearch.ServerlessCollection(\"test_collection\", new()\n {\n Name = \"firehose-osserverless-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"opensearchserverless\",\n OpensearchserverlessConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs\n {\n CollectionEndpoint = testCollection.CollectionEndpoint,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCollection, err := opensearch.NewServerlessCollection(ctx, \"test_collection\", \u0026opensearch.ServerlessCollectionArgs{\n\t\t\tName: pulumi.String(\"firehose-osserverless-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"opensearchserverless\"),\n\t\t\tOpensearchserverlessConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs{\n\t\t\t\tCollectionEndpoint: testCollection.CollectionEndpoint,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.ServerlessCollection;\nimport com.pulumi.aws.opensearch.ServerlessCollectionArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCollection = new ServerlessCollection(\"testCollection\", ServerlessCollectionArgs.builder()\n .name(\"firehose-osserverless-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"opensearchserverless\")\n .opensearchserverlessConfiguration(FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs.builder()\n .collectionEndpoint(testCollection.collectionEndpoint())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCollection:\n type: aws:opensearch:ServerlessCollection\n name: test_collection\n properties:\n name: firehose-osserverless-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: opensearchserverless\n opensearchserverlessConfiguration:\n collectionEndpoint: ${testCollection.collectionEndpoint}\n roleArn: ${firehoseRole.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Iceberg Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetPartition = aws.getPartition({});\nconst currentGetRegion = aws.getRegion({});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {\n bucket: \"test-bucket\",\n forceDestroy: true,\n});\nconst test = new aws.glue.CatalogDatabase(\"test\", {name: \"test\"});\nconst testCatalogTable = new aws.glue.CatalogTable(\"test\", {\n name: \"test\",\n databaseName: test.name,\n parameters: {\n format: \"parquet\",\n },\n tableType: \"EXTERNAL_TABLE\",\n openTableFormatInput: {\n icebergInput: {\n metadataOperation: \"CREATE\",\n version: \"2\",\n },\n },\n storageDescriptor: {\n location: pulumi.interpolate`s3://${bucket.id}`,\n columns: [{\n name: \"my_column_1\",\n type: \"int\",\n }],\n },\n});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"iceberg\",\n icebergConfiguration: {\n roleArn: firehoseRole.arn,\n catalogArn: Promise.all([currentGetPartition, currentGetRegion, current]).then(([currentGetPartition, currentGetRegion, current]) =\u003e `arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:catalog`),\n bufferingSize: 10,\n bufferingInterval: 400,\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n },\n destinationTableConfigurations: [{\n databaseName: test.name,\n tableName: testCatalogTable.name,\n }],\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_partition = aws.get_partition()\ncurrent_get_region = aws.get_region()\nbucket = aws.s3.BucketV2(\"bucket\",\n bucket=\"test-bucket\",\n force_destroy=True)\ntest = aws.glue.CatalogDatabase(\"test\", name=\"test\")\ntest_catalog_table = aws.glue.CatalogTable(\"test\",\n name=\"test\",\n database_name=test.name,\n parameters={\n \"format\": \"parquet\",\n },\n table_type=\"EXTERNAL_TABLE\",\n open_table_format_input={\n \"iceberg_input\": {\n \"metadata_operation\": \"CREATE\",\n \"version\": \"2\",\n },\n },\n storage_descriptor={\n \"location\": bucket.id.apply(lambda id: f\"s3://{id}\"),\n \"columns\": [{\n \"name\": \"my_column_1\",\n \"type\": \"int\",\n }],\n })\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"iceberg\",\n iceberg_configuration={\n \"role_arn\": firehose_role[\"arn\"],\n \"catalog_arn\": f\"arn:{current_get_partition.partition}:glue:{current_get_region.name}:{current.account_id}:catalog\",\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"s3_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket.arn,\n },\n \"destination_table_configurations\": [{\n \"database_name\": test.name,\n \"table_name\": test_catalog_table.name,\n }],\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"Lambda\",\n \"parameters\": [{\n \"parameter_name\": \"LambdaArn\",\n \"parameter_value\": f\"{lambda_processor['arn']}:$LATEST\",\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetPartition = Aws.GetPartition.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"test-bucket\",\n ForceDestroy = true,\n });\n\n var test = new Aws.Glue.CatalogDatabase(\"test\", new()\n {\n Name = \"test\",\n });\n\n var testCatalogTable = new Aws.Glue.CatalogTable(\"test\", new()\n {\n Name = \"test\",\n DatabaseName = test.Name,\n Parameters = \n {\n { \"format\", \"parquet\" },\n },\n TableType = \"EXTERNAL_TABLE\",\n OpenTableFormatInput = new Aws.Glue.Inputs.CatalogTableOpenTableFormatInputArgs\n {\n IcebergInput = new Aws.Glue.Inputs.CatalogTableOpenTableFormatInputIcebergInputArgs\n {\n MetadataOperation = \"CREATE\",\n Version = \"2\",\n },\n },\n StorageDescriptor = new Aws.Glue.Inputs.CatalogTableStorageDescriptorArgs\n {\n Location = bucket.Id.Apply(id =\u003e $\"s3://{id}\"),\n Columns = new[]\n {\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Name = \"my_column_1\",\n Type = \"int\",\n },\n },\n },\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"iceberg\",\n IcebergConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n CatalogArn = Output.Tuple(currentGetPartition, currentGetRegion, current).Apply(values =\u003e\n {\n var currentGetPartition = values.Item1;\n var currentGetRegion = values.Item2;\n var current = values.Item3;\n return $\"arn:{currentGetPartition.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:glue:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:catalog\";\n }),\n BufferingSize = 10,\n BufferingInterval = 400,\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n },\n DestinationTableConfigurations = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationDestinationTableConfigurationArgs\n {\n DatabaseName = test.Name,\n TableName = testCatalogTable.Name,\n },\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, \u0026aws.GetCallerIdentityArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetPartition, err := aws.GetPartition(ctx, \u0026aws.GetPartitionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, \u0026aws.GetRegionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"test-bucket\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := glue.NewCatalogDatabase(ctx, \"test\", \u0026glue.CatalogDatabaseArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestCatalogTable, err := glue.NewCatalogTable(ctx, \"test\", \u0026glue.CatalogTableArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tDatabaseName: test.Name,\n\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\"format\": pulumi.String(\"parquet\"),\n\t\t\t},\n\t\t\tTableType: pulumi.String(\"EXTERNAL_TABLE\"),\n\t\t\tOpenTableFormatInput: \u0026glue.CatalogTableOpenTableFormatInputArgs{\n\t\t\t\tIcebergInput: \u0026glue.CatalogTableOpenTableFormatInputIcebergInputArgs{\n\t\t\t\t\tMetadataOperation: pulumi.String(\"CREATE\"),\n\t\t\t\t\tVersion: pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tStorageDescriptor: \u0026glue.CatalogTableStorageDescriptorArgs{\n\t\t\t\tLocation: bucket.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"s3://%v\", id), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tColumns: glue.CatalogTableStorageDescriptorColumnArray{\n\t\t\t\t\t\u0026glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tName: pulumi.String(\"my_column_1\"),\n\t\t\t\t\t\tType: pulumi.String(\"int\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"iceberg\"),\n\t\t\tIcebergConfiguration: \u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tCatalogArn: pulumi.Sprintf(\"arn:%v:glue:%v:%v:catalog\", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),\n\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t\t},\n\t\t\t\tDestinationTableConfigurations: kinesis.FirehoseDeliveryStreamIcebergConfigurationDestinationTableConfigurationArray{\n\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationDestinationTableConfigurationArgs{\n\t\t\t\t\t\tDatabaseName: test.Name,\n\t\t\t\t\t\tTableName: testCatalogTable.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.glue.CatalogDatabase;\nimport com.pulumi.aws.glue.CatalogDatabaseArgs;\nimport com.pulumi.aws.glue.CatalogTable;\nimport com.pulumi.aws.glue.CatalogTableArgs;\nimport com.pulumi.aws.glue.inputs.CatalogTableOpenTableFormatInputArgs;\nimport com.pulumi.aws.glue.inputs.CatalogTableOpenTableFormatInputIcebergInputArgs;\nimport com.pulumi.aws.glue.inputs.CatalogTableStorageDescriptorArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamIcebergConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamIcebergConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetPartition = AwsFunctions.getPartition();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder()\n .bucket(\"test-bucket\")\n .forceDestroy(true)\n .build());\n\n var test = new CatalogDatabase(\"test\", CatalogDatabaseArgs.builder()\n .name(\"test\")\n .build());\n\n var testCatalogTable = new CatalogTable(\"testCatalogTable\", CatalogTableArgs.builder()\n .name(\"test\")\n .databaseName(test.name())\n .parameters(Map.of(\"format\", \"parquet\"))\n .tableType(\"EXTERNAL_TABLE\")\n .openTableFormatInput(CatalogTableOpenTableFormatInputArgs.builder()\n .icebergInput(CatalogTableOpenTableFormatInputIcebergInputArgs.builder()\n .metadataOperation(\"CREATE\")\n .version(2)\n .build())\n .build())\n .storageDescriptor(CatalogTableStorageDescriptorArgs.builder()\n .location(bucket.id().applyValue(id -\u003e String.format(\"s3://%s\", id)))\n .columns(CatalogTableStorageDescriptorColumnArgs.builder()\n .name(\"my_column_1\")\n .type(\"int\")\n .build())\n .build())\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"iceberg\")\n .icebergConfiguration(FirehoseDeliveryStreamIcebergConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .catalogArn(String.format(\"arn:%s:glue:%s:%s:catalog\", currentGetPartition.applyValue(getPartitionResult -\u003e getPartitionResult.partition()),currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .bufferingSize(10)\n .bufferingInterval(400)\n .s3Configuration(FirehoseDeliveryStreamIcebergConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .build())\n .destinationTableConfigurations(FirehoseDeliveryStreamIcebergConfigurationDestinationTableConfigurationArgs.builder()\n .databaseName(test.name())\n .tableName(testCatalogTable.name())\n .build())\n .processingConfiguration(FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: test-bucket\n forceDestroy: true\n test:\n type: aws:glue:CatalogDatabase\n properties:\n name: test\n testCatalogTable:\n type: aws:glue:CatalogTable\n name: test\n properties:\n name: test\n databaseName: ${test.name}\n parameters:\n format: parquet\n tableType: EXTERNAL_TABLE\n openTableFormatInput:\n icebergInput:\n metadataOperation: CREATE\n version: 2\n storageDescriptor:\n location: s3://${bucket.id}\n columns:\n - name: my_column_1\n type: int\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: iceberg\n icebergConfiguration:\n roleArn: ${firehoseRole.arn}\n catalogArn: arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:catalog\n bufferingSize: 10\n bufferingInterval: 400\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n destinationTableConfigurations:\n - databaseName: ${test.name}\n tableName: ${testCatalogTable.name}\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\nvariables:\n current:\n fn::invoke:\n function: aws:getCallerIdentity\n arguments: {}\n currentGetPartition:\n fn::invoke:\n function: aws:getPartition\n arguments: {}\n currentGetRegion:\n fn::invoke:\n function: aws:getRegion\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Splunk Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"splunk\",\n splunkConfiguration: {\n hecEndpoint: \"https://http-inputs-mydomain.splunkcloud.com:443\",\n hecToken: \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n hecAcknowledgmentTimeout: 600,\n hecEndpointType: \"Event\",\n s3BackupMode: \"FailedEventsOnly\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"splunk\",\n splunk_configuration={\n \"hec_endpoint\": \"https://http-inputs-mydomain.splunkcloud.com:443\",\n \"hec_token\": \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n \"hec_acknowledgment_timeout\": 600,\n \"hec_endpoint_type\": \"Event\",\n \"s3_backup_mode\": \"FailedEventsOnly\",\n \"s3_configuration\": {\n \"role_arn\": firehose[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"splunk\",\n SplunkConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSplunkConfigurationArgs\n {\n HecEndpoint = \"https://http-inputs-mydomain.splunkcloud.com:443\",\n HecToken = \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n HecAcknowledgmentTimeout = 600,\n HecEndpointType = \"Event\",\n S3BackupMode = \"FailedEventsOnly\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"splunk\"),\n\t\t\tSplunkConfiguration: \u0026kinesis.FirehoseDeliveryStreamSplunkConfigurationArgs{\n\t\t\t\tHecEndpoint: pulumi.String(\"https://http-inputs-mydomain.splunkcloud.com:443\"),\n\t\t\t\tHecToken: pulumi.String(\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\"),\n\t\t\t\tHecAcknowledgmentTimeout: pulumi.Int(600),\n\t\t\t\tHecEndpointType: pulumi.String(\"Event\"),\n\t\t\t\tS3BackupMode: pulumi.String(\"FailedEventsOnly\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSplunkConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"splunk\")\n .splunkConfiguration(FirehoseDeliveryStreamSplunkConfigurationArgs.builder()\n .hecEndpoint(\"https://http-inputs-mydomain.splunkcloud.com:443\")\n .hecToken(\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\")\n .hecAcknowledgmentTimeout(600)\n .hecEndpointType(\"Event\")\n .s3BackupMode(\"FailedEventsOnly\")\n .s3Configuration(FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: splunk\n splunkConfiguration:\n hecEndpoint: https://http-inputs-mydomain.splunkcloud.com:443\n hecToken: 51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\n hecAcknowledgmentTimeout: 600\n hecEndpointType: Event\n s3BackupMode: FailedEventsOnly\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### HTTP Endpoint (e.g., New Relic) Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"http_endpoint\",\n httpEndpointConfiguration: {\n url: \"https://aws-api.newrelic.com/firehose/v1\",\n name: \"New Relic\",\n accessKey: \"my-key\",\n bufferingSize: 15,\n bufferingInterval: 600,\n roleArn: firehose.arn,\n s3BackupMode: \"FailedDataOnly\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n requestConfiguration: {\n contentEncoding: \"GZIP\",\n commonAttributes: [\n {\n name: \"testname\",\n value: \"testvalue\",\n },\n {\n name: \"testname2\",\n value: \"testvalue2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"http_endpoint\",\n http_endpoint_configuration={\n \"url\": \"https://aws-api.newrelic.com/firehose/v1\",\n \"name\": \"New Relic\",\n \"access_key\": \"my-key\",\n \"buffering_size\": 15,\n \"buffering_interval\": 600,\n \"role_arn\": firehose[\"arn\"],\n \"s3_backup_mode\": \"FailedDataOnly\",\n \"s3_configuration\": {\n \"role_arn\": firehose[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n \"request_configuration\": {\n \"content_encoding\": \"GZIP\",\n \"common_attributes\": [\n {\n \"name\": \"testname\",\n \"value\": \"testvalue\",\n },\n {\n \"name\": \"testname2\",\n \"value\": \"testvalue2\",\n },\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"http_endpoint\",\n HttpEndpointConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationArgs\n {\n Url = \"https://aws-api.newrelic.com/firehose/v1\",\n Name = \"New Relic\",\n AccessKey = \"my-key\",\n BufferingSize = 15,\n BufferingInterval = 600,\n RoleArn = firehose.Arn,\n S3BackupMode = \"FailedDataOnly\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n RequestConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs\n {\n ContentEncoding = \"GZIP\",\n CommonAttributes = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs\n {\n Name = \"testname\",\n Value = \"testvalue\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs\n {\n Name = \"testname2\",\n Value = \"testvalue2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"http_endpoint\"),\n\t\t\tHttpEndpointConfiguration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationArgs{\n\t\t\t\tUrl: pulumi.String(\"https://aws-api.newrelic.com/firehose/v1\"),\n\t\t\t\tName: pulumi.String(\"New Relic\"),\n\t\t\t\tAccessKey: pulumi.String(\"my-key\"),\n\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\tBufferingInterval: pulumi.Int(600),\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tS3BackupMode: pulumi.String(\"FailedDataOnly\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tRequestConfiguration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs{\n\t\t\t\t\tContentEncoding: pulumi.String(\"GZIP\"),\n\t\t\t\t\tCommonAttributes: kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"testname\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"testvalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"testname2\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"testvalue2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"http_endpoint\")\n .httpEndpointConfiguration(FirehoseDeliveryStreamHttpEndpointConfigurationArgs.builder()\n .url(\"https://aws-api.newrelic.com/firehose/v1\")\n .name(\"New Relic\")\n .accessKey(\"my-key\")\n .bufferingSize(15)\n .bufferingInterval(600)\n .roleArn(firehose.arn())\n .s3BackupMode(\"FailedDataOnly\")\n .s3Configuration(FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .requestConfiguration(FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs.builder()\n .contentEncoding(\"GZIP\")\n .commonAttributes( \n FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs.builder()\n .name(\"testname\")\n .value(\"testvalue\")\n .build(),\n FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs.builder()\n .name(\"testname2\")\n .value(\"testvalue2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: http_endpoint\n httpEndpointConfiguration:\n url: https://aws-api.newrelic.com/firehose/v1\n name: New Relic\n accessKey: my-key\n bufferingSize: 15\n bufferingInterval: 600\n roleArn: ${firehose.arn}\n s3BackupMode: FailedDataOnly\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n requestConfiguration:\n contentEncoding: GZIP\n commonAttributes:\n - name: testname\n value: testvalue\n - name: testname2\n value: testvalue2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Snowflake Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleSnowflakeDestination = new aws.kinesis.FirehoseDeliveryStream(\"example_snowflake_destination\", {\n name: \"example-snowflake-destination\",\n destination: \"snowflake\",\n snowflakeConfiguration: {\n accountUrl: \"https://example.snowflakecomputing.com\",\n bufferingSize: 15,\n bufferingInterval: 600,\n database: \"example-db\",\n privateKey: \"...\",\n roleArn: firehose.arn,\n schema: \"example-schema\",\n table: \"example-table\",\n user: \"example-usr\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_snowflake_destination = aws.kinesis.FirehoseDeliveryStream(\"example_snowflake_destination\",\n name=\"example-snowflake-destination\",\n destination=\"snowflake\",\n snowflake_configuration={\n \"account_url\": \"https://example.snowflakecomputing.com\",\n \"buffering_size\": 15,\n \"buffering_interval\": 600,\n \"database\": \"example-db\",\n \"private_key\": \"...\",\n \"role_arn\": firehose[\"arn\"],\n \"schema\": \"example-schema\",\n \"table\": \"example-table\",\n \"user\": \"example-usr\",\n \"s3_configuration\": {\n \"role_arn\": firehose[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleSnowflakeDestination = new Aws.Kinesis.FirehoseDeliveryStream(\"example_snowflake_destination\", new()\n {\n Name = \"example-snowflake-destination\",\n Destination = \"snowflake\",\n SnowflakeConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSnowflakeConfigurationArgs\n {\n AccountUrl = \"https://example.snowflakecomputing.com\",\n BufferingSize = 15,\n BufferingInterval = 600,\n Database = \"example-db\",\n PrivateKey = \"...\",\n RoleArn = firehose.Arn,\n Schema = \"example-schema\",\n Table = \"example-table\",\n User = \"example-usr\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSnowflakeConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"example_snowflake_destination\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"example-snowflake-destination\"),\n\t\t\tDestination: pulumi.String(\"snowflake\"),\n\t\t\tSnowflakeConfiguration: \u0026kinesis.FirehoseDeliveryStreamSnowflakeConfigurationArgs{\n\t\t\t\tAccountUrl: pulumi.String(\"https://example.snowflakecomputing.com\"),\n\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\tBufferingInterval: pulumi.Int(600),\n\t\t\t\tDatabase: pulumi.String(\"example-db\"),\n\t\t\t\tPrivateKey: pulumi.String(\"...\"),\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tSchema: pulumi.String(\"example-schema\"),\n\t\t\t\tTable: pulumi.String(\"example-table\"),\n\t\t\t\tUser: pulumi.String(\"example-usr\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamSnowflakeConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSnowflakeConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSnowflakeConfigurationS3ConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleSnowflakeDestination = new FirehoseDeliveryStream(\"exampleSnowflakeDestination\", FirehoseDeliveryStreamArgs.builder()\n .name(\"example-snowflake-destination\")\n .destination(\"snowflake\")\n .snowflakeConfiguration(FirehoseDeliveryStreamSnowflakeConfigurationArgs.builder()\n .accountUrl(\"https://example.snowflakecomputing.com\")\n .bufferingSize(15)\n .bufferingInterval(600)\n .database(\"example-db\")\n .privateKey(\"...\")\n .roleArn(firehose.arn())\n .schema(\"example-schema\")\n .table(\"example-table\")\n .user(\"example-usr\")\n .s3Configuration(FirehoseDeliveryStreamSnowflakeConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSnowflakeDestination:\n type: aws:kinesis:FirehoseDeliveryStream\n name: example_snowflake_destination\n properties:\n name: example-snowflake-destination\n destination: snowflake\n snowflakeConfiguration:\n accountUrl: https://example.snowflakecomputing.com\n bufferingSize: 15\n bufferingInterval: 600\n database: example-db\n privateKey: '...'\n roleArn: ${firehose.arn}\n schema: example-schema\n table: example-table\n user: example-usr\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Kinesis Firehose Delivery streams using the stream ARN. For example:\n\n```sh\n$ pulumi import aws:kinesis/firehoseDeliveryStream:FirehoseDeliveryStream foo arn:aws:firehose:us-east-1:XXX:deliverystream/example\n```\nNote: Import does not work for stream destination `s3`. Consider using `extended_s3` since `s3` destination is deprecated.\n\n", + "description": "Provides a Kinesis Firehose Delivery Stream resource. Amazon Kinesis Firehose is a fully managed, elastic service to easily deliver real-time data streams to destinations such as Amazon S3 , Amazon Redshift and Snowflake.\n\nFor more details, see the [Amazon Kinesis Firehose Documentation](https://aws.amazon.com/documentation/firehose/).\n\n## Example Usage\n\n### Extended S3 Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.BucketV2(\"bucket\", {bucket: \"tf-test-bucket\"});\nconst firehoseAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"firehose.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst firehoseRole = new aws.iam.Role(\"firehose_role\", {\n name: \"firehose_test_role\",\n assumeRolePolicy: firehoseAssumeRole.then(firehoseAssumeRole =\u003e firehoseAssumeRole.json),\n});\nconst lambdaAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"lambda.amazonaws.com\"],\n }],\n actions: [\"sts:AssumeRole\"],\n }],\n});\nconst lambdaIam = new aws.iam.Role(\"lambda_iam\", {\n name: \"lambda_iam\",\n assumeRolePolicy: lambdaAssumeRole.then(lambdaAssumeRole =\u003e lambdaAssumeRole.json),\n});\nconst lambdaProcessor = new aws.lambda.Function(\"lambda_processor\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n name: \"firehose_lambda_processor\",\n role: lambdaIam.arn,\n handler: \"exports.handler\",\n runtime: aws.lambda.Runtime.NodeJS20dX,\n});\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: pulumi.interpolate`${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\nconst bucketAcl = new aws.s3.BucketAclV2(\"bucket_acl\", {\n bucket: bucket.id,\n acl: \"private\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.BucketV2(\"bucket\", bucket=\"tf-test-bucket\")\nfirehose_assume_role = aws.iam.get_policy_document(statements=[{\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"firehose.amazonaws.com\"],\n }],\n \"actions\": [\"sts:AssumeRole\"],\n}])\nfirehose_role = aws.iam.Role(\"firehose_role\",\n name=\"firehose_test_role\",\n assume_role_policy=firehose_assume_role.json)\nlambda_assume_role = aws.iam.get_policy_document(statements=[{\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"lambda.amazonaws.com\"],\n }],\n \"actions\": [\"sts:AssumeRole\"],\n}])\nlambda_iam = aws.iam.Role(\"lambda_iam\",\n name=\"lambda_iam\",\n assume_role_policy=lambda_assume_role.json)\nlambda_processor = aws.lambda_.Function(\"lambda_processor\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n name=\"firehose_lambda_processor\",\n role=lambda_iam.arn,\n handler=\"exports.handler\",\n runtime=aws.lambda_.Runtime.NODE_JS20D_X)\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration={\n \"role_arn\": firehose_role.arn,\n \"bucket_arn\": bucket.arn,\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"Lambda\",\n \"parameters\": [{\n \"parameter_name\": \"LambdaArn\",\n \"parameter_value\": lambda_processor.arn.apply(lambda arn: f\"{arn}:$LATEST\"),\n }],\n }],\n },\n })\nbucket_acl = aws.s3.BucketAclV2(\"bucket_acl\",\n bucket=bucket.id,\n acl=\"private\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"tf-test-bucket\",\n });\n\n var firehoseAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"firehose.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var firehoseRole = new Aws.Iam.Role(\"firehose_role\", new()\n {\n Name = \"firehose_test_role\",\n AssumeRolePolicy = firehoseAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaAssumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"lambda.amazonaws.com\",\n },\n },\n },\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n },\n },\n });\n\n var lambdaIam = new Aws.Iam.Role(\"lambda_iam\", new()\n {\n Name = \"lambda_iam\",\n AssumeRolePolicy = lambdaAssumeRole.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n var lambdaProcessor = new Aws.Lambda.Function(\"lambda_processor\", new()\n {\n Code = new FileArchive(\"lambda.zip\"),\n Name = \"firehose_lambda_processor\",\n Role = lambdaIam.Arn,\n Handler = \"exports.handler\",\n Runtime = Aws.Lambda.Runtime.NodeJS20dX,\n });\n\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = lambdaProcessor.Arn.Apply(arn =\u003e $\"{arn}:$LATEST\"),\n },\n },\n },\n },\n },\n },\n });\n\n var bucketAcl = new Aws.S3.BucketAclV2(\"bucket_acl\", new()\n {\n Bucket = bucket.Id,\n Acl = \"private\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"tf-test-bucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"firehose.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseRole, err := iam.NewRole(ctx, \"firehose_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"firehose_test_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(firehoseAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaAssumeRole, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tEffect: pulumi.StringRef(\"Allow\"),\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"lambda.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaIam, err := iam.NewRole(ctx, \"lambda_iam\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"lambda_iam\"),\n\t\t\tAssumeRolePolicy: pulumi.String(lambdaAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaProcessor, err := lambda.NewFunction(ctx, \"lambda_processor\", \u0026lambda.FunctionArgs{\n\t\t\tCode: pulumi.NewFileArchive(\"lambda.zip\"),\n\t\t\tName: pulumi.String(\"firehose_lambda_processor\"),\n\t\t\tRole: lambdaIam.Arn,\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRuntime: pulumi.String(lambda.RuntimeNodeJS20dX),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseRole.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: lambdaProcessor.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v:$LATEST\", arn), nil\n\t\t\t\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketAclV2(ctx, \"bucket_acl\", \u0026s3.BucketAclV2Args{\n\t\t\tBucket: bucket.ID(),\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.lambda.Function;\nimport com.pulumi.aws.lambda.FunctionArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport com.pulumi.aws.s3.BucketAclV2;\nimport com.pulumi.aws.s3.BucketAclV2Args;\nimport com.pulumi.asset.FileArchive;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder()\n .bucket(\"tf-test-bucket\")\n .build());\n\n final var firehoseAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"firehose.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var firehoseRole = new Role(\"firehoseRole\", RoleArgs.builder()\n .name(\"firehose_test_role\")\n .assumeRolePolicy(firehoseAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n final var lambdaAssumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"lambda.amazonaws.com\")\n .build())\n .actions(\"sts:AssumeRole\")\n .build())\n .build());\n\n var lambdaIam = new Role(\"lambdaIam\", RoleArgs.builder()\n .name(\"lambda_iam\")\n .assumeRolePolicy(lambdaAssumeRole.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n var lambdaProcessor = new Function(\"lambdaProcessor\", FunctionArgs.builder()\n .code(new FileArchive(\"lambda.zip\"))\n .name(\"firehose_lambda_processor\")\n .role(lambdaIam.arn())\n .handler(\"exports.handler\")\n .runtime(\"nodejs20.x\")\n .build());\n\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(lambdaProcessor.arn().applyValue(arn -\u003e String.format(\"%s:$LATEST\", arn)))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n var bucketAcl = new BucketAclV2(\"bucketAcl\", BucketAclV2Args.builder()\n .bucket(bucket.id())\n .acl(\"private\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: tf-test-bucket\n bucketAcl:\n type: aws:s3:BucketAclV2\n name: bucket_acl\n properties:\n bucket: ${bucket.id}\n acl: private\n firehoseRole:\n type: aws:iam:Role\n name: firehose_role\n properties:\n name: firehose_test_role\n assumeRolePolicy: ${firehoseAssumeRole.json}\n lambdaIam:\n type: aws:iam:Role\n name: lambda_iam\n properties:\n name: lambda_iam\n assumeRolePolicy: ${lambdaAssumeRole.json}\n lambdaProcessor:\n type: aws:lambda:Function\n name: lambda_processor\n properties:\n code:\n fn::FileArchive: lambda.zip\n name: firehose_lambda_processor\n role: ${lambdaIam.arn}\n handler: exports.handler\n runtime: nodejs20.x\nvariables:\n firehoseAssumeRole:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - firehose.amazonaws.com\n actions:\n - sts:AssumeRole\n lambdaAssumeRole:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - effect: Allow\n principals:\n - type: Service\n identifiers:\n - lambda.amazonaws.com\n actions:\n - sts:AssumeRole\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Extended S3 Destination with dynamic partitioning\n\nThese examples use built-in Firehose functionality, rather than requiring a lambda.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 64,\n dynamicPartitioningConfiguration: {\n enabled: true,\n },\n prefix: \"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n errorOutputPrefix: \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processingConfiguration: {\n enabled: true,\n processors: [\n {\n type: \"RecordDeAggregation\",\n parameters: [{\n parameterName: \"SubRecordType\",\n parameterValue: \"JSON\",\n }],\n },\n {\n type: \"AppendDelimiterToRecord\",\n },\n {\n type: \"MetadataExtraction\",\n parameters: [\n {\n parameterName: \"JsonParsingEngine\",\n parameterValue: \"JQ-1.6\",\n },\n {\n parameterName: \"MetadataExtractionQuery\",\n parameterValue: \"{customer_id:.customer_id}\",\n },\n ],\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration={\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 64,\n \"dynamic_partitioning_configuration\": {\n \"enabled\": True,\n },\n \"prefix\": \"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n \"error_output_prefix\": \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [\n {\n \"type\": \"RecordDeAggregation\",\n \"parameters\": [{\n \"parameter_name\": \"SubRecordType\",\n \"parameter_value\": \"JSON\",\n }],\n },\n {\n \"type\": \"AppendDelimiterToRecord\",\n },\n {\n \"type\": \"MetadataExtraction\",\n \"parameters\": [\n {\n \"parameter_name\": \"JsonParsingEngine\",\n \"parameter_value\": \"JQ-1.6\",\n },\n {\n \"parameter_name\": \"MetadataExtractionQuery\",\n \"parameter_value\": \"{customer_id:.customer_id}\",\n },\n ],\n },\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 64,\n DynamicPartitioningConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs\n {\n Enabled = true,\n },\n Prefix = \"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n ErrorOutputPrefix = \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"RecordDeAggregation\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"SubRecordType\",\n ParameterValue = \"JSON\",\n },\n },\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"AppendDelimiterToRecord\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"MetadataExtraction\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"JsonParsingEngine\",\n ParameterValue = \"JQ-1.6\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"MetadataExtractionQuery\",\n ParameterValue = \"{customer_id:.customer_id}\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\tBufferingSize: pulumi.Int(64),\n\t\t\t\tDynamicPartitioningConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tPrefix: pulumi.String(\"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\"),\n\t\t\t\tErrorOutputPrefix: pulumi.String(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\"),\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"RecordDeAggregation\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"SubRecordType\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JSON\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AppendDelimiterToRecord\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"MetadataExtraction\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"JsonParsingEngine\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JQ-1.6\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"MetadataExtractionQuery\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"{customer_id:.customer_id}\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(64)\n .dynamicPartitioningConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs.builder()\n .enabled(\"true\")\n .build())\n .prefix(\"data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\")\n .errorOutputPrefix(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\")\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"RecordDeAggregation\")\n .parameters(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"SubRecordType\")\n .parameterValue(\"JSON\")\n .build())\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"AppendDelimiterToRecord\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"MetadataExtraction\")\n .parameters( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"JsonParsingEngine\")\n .parameterValue(\"JQ-1.6\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"MetadataExtractionQuery\")\n .parameterValue(\"{customer_id:.customer_id}\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 64\n dynamicPartitioningConfiguration:\n enabled: 'true'\n prefix: data/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\n errorOutputPrefix: errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: RecordDeAggregation\n parameters:\n - parameterName: SubRecordType\n parameterValue: JSON\n - type: AppendDelimiterToRecord\n - type: MetadataExtraction\n parameters:\n - parameterName: JsonParsingEngine\n parameterValue: JQ-1.6\n - parameterName: MetadataExtractionQuery\n parameterValue: '{customer_id:.customer_id}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nMultiple Dynamic Partitioning Keys (maximum of 50) can be added by comma separating the `parameter_value`.\n\nThe following example adds the Dynamic Partitioning Keys: `store_id` and `customer_id` to the S3 prefix.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", {\n name: \"kinesis-firehose-extended-s3-test-stream\",\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 64,\n dynamicPartitioningConfiguration: {\n enabled: true,\n },\n prefix: \"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n errorOutputPrefix: \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"MetadataExtraction\",\n parameters: [\n {\n parameterName: \"JsonParsingEngine\",\n parameterValue: \"JQ-1.6\",\n },\n {\n parameterName: \"MetadataExtractionQuery\",\n parameterValue: \"{store_id:.store_id,customer_id:.customer_id}\",\n },\n ],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extended_s3_stream\",\n name=\"kinesis-firehose-extended-s3-test-stream\",\n destination=\"extended_s3\",\n extended_s3_configuration={\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 64,\n \"dynamic_partitioning_configuration\": {\n \"enabled\": True,\n },\n \"prefix\": \"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n \"error_output_prefix\": \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"MetadataExtraction\",\n \"parameters\": [\n {\n \"parameter_name\": \"JsonParsingEngine\",\n \"parameter_value\": \"JQ-1.6\",\n },\n {\n \"parameter_name\": \"MetadataExtractionQuery\",\n \"parameter_value\": \"{store_id:.store_id,customer_id:.customer_id}\",\n },\n ],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extended_s3_stream\", new()\n {\n Name = \"kinesis-firehose-extended-s3-test-stream\",\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 64,\n DynamicPartitioningConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs\n {\n Enabled = true,\n },\n Prefix = \"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\",\n ErrorOutputPrefix = \"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\",\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"MetadataExtraction\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"JsonParsingEngine\",\n ParameterValue = \"JQ-1.6\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"MetadataExtractionQuery\",\n ParameterValue = \"{store_id:.store_id,customer_id:.customer_id}\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"extended_s3_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-extended-s3-test-stream\"),\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\tBufferingSize: pulumi.Int(64),\n\t\t\t\tDynamicPartitioningConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tPrefix: pulumi.String(\"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\"),\n\t\t\t\tErrorOutputPrefix: pulumi.String(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\"),\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"MetadataExtraction\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"JsonParsingEngine\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"JQ-1.6\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"MetadataExtractionQuery\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(\"{store_id:.store_id,customer_id:.customer_id}\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var extendedS3Stream = new FirehoseDeliveryStream(\"extendedS3Stream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-extended-s3-test-stream\")\n .destination(\"extended_s3\")\n .extendedS3Configuration(FirehoseDeliveryStreamExtendedS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(64)\n .dynamicPartitioningConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationDynamicPartitioningConfigurationArgs.builder()\n .enabled(\"true\")\n .build())\n .prefix(\"data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\")\n .errorOutputPrefix(\"errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\")\n .processingConfiguration(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"MetadataExtraction\")\n .parameters( \n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"JsonParsingEngine\")\n .parameterValue(\"JQ-1.6\")\n .build(),\n FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"MetadataExtractionQuery\")\n .parameterValue(\"{store_id:.store_id,customer_id:.customer_id}\")\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n extendedS3Stream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: extended_s3_stream\n properties:\n name: kinesis-firehose-extended-s3-test-stream\n destination: extended_s3\n extendedS3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 64\n dynamicPartitioningConfiguration:\n enabled: 'true'\n prefix: data/store_id=!{partitionKeyFromQuery:store_id}/customer_id=!{partitionKeyFromQuery:customer_id}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/\n errorOutputPrefix: errors/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/hour=!{timestamp:HH}/!{firehose:error-output-type}/\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: MetadataExtraction\n parameters:\n - parameterName: JsonParsingEngine\n parameterValue: JQ-1.6\n - parameterName: MetadataExtractionQuery\n parameterValue: '{store_id:.store_id,customer_id:.customer_id}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Redshift Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.redshift.Cluster(\"test_cluster\", {\n clusterIdentifier: \"tf-redshift-cluster\",\n databaseName: \"test\",\n masterUsername: \"testuser\",\n masterPassword: \"T3stPass\",\n nodeType: \"dc1.large\",\n clusterType: \"single-node\",\n});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"redshift\",\n redshiftConfiguration: {\n roleArn: firehoseRole.arn,\n clusterJdbcurl: pulumi.interpolate`jdbc:redshift://${testCluster.endpoint}/${testCluster.databaseName}`,\n username: \"testuser\",\n password: \"T3stPass\",\n dataTableName: \"test-table\",\n copyOptions: \"delimiter '|'\",\n dataTableColumns: \"test-col\",\n s3BackupMode: \"Enabled\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n s3BackupConfiguration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 15,\n bufferingInterval: 300,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.redshift.Cluster(\"test_cluster\",\n cluster_identifier=\"tf-redshift-cluster\",\n database_name=\"test\",\n master_username=\"testuser\",\n master_password=\"T3stPass\",\n node_type=\"dc1.large\",\n cluster_type=\"single-node\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"redshift\",\n redshift_configuration={\n \"role_arn\": firehose_role[\"arn\"],\n \"cluster_jdbcurl\": pulumi.Output.all(\n endpoint=test_cluster.endpoint,\n database_name=test_cluster.database_name\n).apply(lambda resolved_outputs: f\"jdbc:redshift://{resolved_outputs['endpoint']}/{resolved_outputs['database_name']}\")\n,\n \"username\": \"testuser\",\n \"password\": \"T3stPass\",\n \"data_table_name\": \"test-table\",\n \"copy_options\": \"delimiter '|'\",\n \"data_table_columns\": \"test-col\",\n \"s3_backup_mode\": \"Enabled\",\n \"s3_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n \"s3_backup_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 15,\n \"buffering_interval\": 300,\n \"compression_format\": \"GZIP\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.RedShift.Cluster(\"test_cluster\", new()\n {\n ClusterIdentifier = \"tf-redshift-cluster\",\n DatabaseName = \"test\",\n MasterUsername = \"testuser\",\n MasterPassword = \"T3stPass\",\n NodeType = \"dc1.large\",\n ClusterType = \"single-node\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"redshift\",\n RedshiftConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n ClusterJdbcurl = Output.Tuple(testCluster.Endpoint, testCluster.DatabaseName).Apply(values =\u003e\n {\n var endpoint = values.Item1;\n var databaseName = values.Item2;\n return $\"jdbc:redshift://{endpoint}/{databaseName}\";\n }),\n Username = \"testuser\",\n Password = \"T3stPass\",\n DataTableName = \"test-table\",\n CopyOptions = \"delimiter '|'\",\n DataTableColumns = \"test-col\",\n S3BackupMode = \"Enabled\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n S3BackupConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 15,\n BufferingInterval = 300,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := redshift.NewCluster(ctx, \"test_cluster\", \u0026redshift.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift-cluster\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tMasterUsername: pulumi.String(\"testuser\"),\n\t\t\tMasterPassword: pulumi.String(\"T3stPass\"),\n\t\t\tNodeType: pulumi.String(\"dc1.large\"),\n\t\t\tClusterType: pulumi.String(\"single-node\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"redshift\"),\n\t\t\tRedshiftConfiguration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tClusterJdbcurl: pulumi.All(testCluster.Endpoint, testCluster.DatabaseName).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tendpoint := _args[0].(string)\n\t\t\t\t\tdatabaseName := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"jdbc:redshift://%v/%v\", endpoint, databaseName), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tUsername: pulumi.String(\"testuser\"),\n\t\t\t\tPassword: pulumi.String(\"T3stPass\"),\n\t\t\t\tDataTableName: pulumi.String(\"test-table\"),\n\t\t\t\tCopyOptions: pulumi.String(\"delimiter '|'\"),\n\t\t\t\tDataTableColumns: pulumi.String(\"test-col\"),\n\t\t\t\tS3BackupMode: pulumi.String(\"Enabled\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tS3BackupConfiguration: \u0026kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\t\tBufferingInterval: pulumi.Int(300),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.redshift.Cluster;\nimport com.pulumi.aws.redshift.ClusterArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Cluster(\"testCluster\", ClusterArgs.builder()\n .clusterIdentifier(\"tf-redshift-cluster\")\n .databaseName(\"test\")\n .masterUsername(\"testuser\")\n .masterPassword(\"T3stPass\")\n .nodeType(\"dc1.large\")\n .clusterType(\"single-node\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"redshift\")\n .redshiftConfiguration(FirehoseDeliveryStreamRedshiftConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .clusterJdbcurl(Output.tuple(testCluster.endpoint(), testCluster.databaseName()).applyValue(values -\u003e {\n var endpoint = values.t1;\n var databaseName = values.t2;\n return String.format(\"jdbc:redshift://%s/%s\", endpoint,databaseName);\n }))\n .username(\"testuser\")\n .password(\"T3stPass\")\n .dataTableName(\"test-table\")\n .copyOptions(\"delimiter '|'\")\n .dataTableColumns(\"test-col\")\n .s3BackupMode(\"Enabled\")\n .s3Configuration(FirehoseDeliveryStreamRedshiftConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .s3BackupConfiguration(FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(15)\n .bufferingInterval(300)\n .compressionFormat(\"GZIP\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:redshift:Cluster\n name: test_cluster\n properties:\n clusterIdentifier: tf-redshift-cluster\n databaseName: test\n masterUsername: testuser\n masterPassword: T3stPass\n nodeType: dc1.large\n clusterType: single-node\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: redshift\n redshiftConfiguration:\n roleArn: ${firehoseRole.arn}\n clusterJdbcurl: jdbc:redshift://${testCluster.endpoint}/${testCluster.databaseName}\n username: testuser\n password: T3stPass\n dataTableName: test-table\n copyOptions: delimiter '|'\n dataTableColumns: test-col\n s3BackupMode: Enabled\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n s3BackupConfiguration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 15\n bufferingInterval: 300\n compressionFormat: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Elasticsearch Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.elasticsearch.Domain(\"test_cluster\", {domainName: \"firehose-es-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"elasticsearch\",\n elasticsearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n typeName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.elasticsearch.Domain(\"test_cluster\", domain_name=\"firehose-es-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"elasticsearch\",\n elasticsearch_configuration={\n \"domain_arn\": test_cluster.arn,\n \"role_arn\": firehose_role[\"arn\"],\n \"index_name\": \"test\",\n \"type_name\": \"test\",\n \"s3_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"Lambda\",\n \"parameters\": [{\n \"parameter_name\": \"LambdaArn\",\n \"parameter_value\": f\"{lambda_processor['arn']}:$LATEST\",\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.ElasticSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"firehose-es-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"elasticsearch\",\n ElasticsearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n TypeName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := elasticsearch.NewDomain(ctx, \"test_cluster\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"firehose-es-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"elasticsearch\"),\n\t\t\tElasticsearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tTypeName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder()\n .domainName(\"firehose-es-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"elasticsearch\")\n .elasticsearchConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .typeName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:elasticsearch:Domain\n name: test_cluster\n properties:\n domainName: firehose-es-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: elasticsearch\n elasticsearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehoseRole.arn}\n indexName: test\n typeName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Elasticsearch Destination With VPC\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.elasticsearch.Domain(\"test_cluster\", {\n domainName: \"es-test\",\n clusterConfig: {\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n instanceType: \"t2.small.elasticsearch\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n vpcOptions: {\n securityGroupIds: [first.id],\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n },\n});\nconst firehose_elasticsearch = aws.iam.getPolicyDocumentOutput({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"es:*\"],\n resources: [\n testCluster.arn,\n pulumi.interpolate`${testCluster.arn}/*`,\n ],\n },\n {\n effect: \"Allow\",\n actions: [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n ],\n resources: [\"*\"],\n },\n ],\n});\nconst firehose_elasticsearchRolePolicy = new aws.iam.RolePolicy(\"firehose-elasticsearch\", {\n name: \"elasticsearch\",\n role: firehose.id,\n policy: firehose_elasticsearch.apply(firehose_elasticsearch =\u003e firehose_elasticsearch.json),\n});\nconst test = new aws.kinesis.FirehoseDeliveryStream(\"test\", {\n name: \"kinesis-firehose-es\",\n destination: \"elasticsearch\",\n elasticsearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehose.arn,\n indexName: \"test\",\n typeName: \"test\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n },\n vpcConfig: {\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n securityGroupIds: [first.id],\n roleArn: firehose.arn,\n },\n },\n}, {\n dependsOn: [firehose_elasticsearchRolePolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.elasticsearch.Domain(\"test_cluster\",\n domain_name=\"es-test\",\n cluster_config={\n \"instance_count\": 2,\n \"zone_awareness_enabled\": True,\n \"instance_type\": \"t2.small.elasticsearch\",\n },\n ebs_options={\n \"ebs_enabled\": True,\n \"volume_size\": 10,\n },\n vpc_options={\n \"security_group_ids\": [first[\"id\"]],\n \"subnet_ids\": [\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n })\nfirehose_elasticsearch = aws.iam.get_policy_document_output(statements=[\n {\n \"effect\": \"Allow\",\n \"actions\": [\"es:*\"],\n \"resources\": [\n test_cluster.arn,\n test_cluster.arn.apply(lambda arn: f\"{arn}/*\"),\n ],\n },\n {\n \"effect\": \"Allow\",\n \"actions\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n ],\n \"resources\": [\"*\"],\n },\n])\nfirehose_elasticsearch_role_policy = aws.iam.RolePolicy(\"firehose-elasticsearch\",\n name=\"elasticsearch\",\n role=firehose[\"id\"],\n policy=firehose_elasticsearch.json)\ntest = aws.kinesis.FirehoseDeliveryStream(\"test\",\n name=\"kinesis-firehose-es\",\n destination=\"elasticsearch\",\n elasticsearch_configuration={\n \"domain_arn\": test_cluster.arn,\n \"role_arn\": firehose[\"arn\"],\n \"index_name\": \"test\",\n \"type_name\": \"test\",\n \"s3_configuration\": {\n \"role_arn\": firehose[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n },\n \"vpc_config\": {\n \"subnet_ids\": [\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n \"security_group_ids\": [first[\"id\"]],\n \"role_arn\": firehose[\"arn\"],\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[firehose_elasticsearch_role_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.ElasticSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"es-test\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceCount = 2,\n ZoneAwarenessEnabled = true,\n InstanceType = \"t2.small.elasticsearch\",\n },\n EbsOptions = new Aws.ElasticSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n },\n });\n\n var firehose_elasticsearch = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"es:*\",\n },\n Resources = new[]\n {\n testCluster.Arn,\n $\"{testCluster.Arn}/*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Actions = new[]\n {\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var firehose_elasticsearchRolePolicy = new Aws.Iam.RolePolicy(\"firehose-elasticsearch\", new()\n {\n Name = \"elasticsearch\",\n Role = firehose.Id,\n Policy = firehose_elasticsearch.Apply(firehose_elasticsearch =\u003e firehose_elasticsearch.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var test = new Aws.Kinesis.FirehoseDeliveryStream(\"test\", new()\n {\n Name = \"kinesis-firehose-es\",\n Destination = \"elasticsearch\",\n ElasticsearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehose.Arn,\n IndexName = \"test\",\n TypeName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n },\n VpcConfig = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs\n {\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n RoleArn = firehose.Arn,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firehose_elasticsearchRolePolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := elasticsearch.NewDomain(ctx, \"test_cluster\", \u0026elasticsearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"es-test\"),\n\t\t\tClusterConfig: \u0026elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceCount: pulumi.Int(2),\n\t\t\t\tZoneAwarenessEnabled: pulumi.Bool(true),\n\t\t\t\tInstanceType: pulumi.String(\"t2.small.elasticsearch\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026elasticsearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tVpcOptions: \u0026elasticsearch.DomainVpcOptionsArgs{\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tfirst.Id,\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\tsecond.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehose_elasticsearch := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\n\t\t\tStatements: iam.GetPolicyDocumentStatementArray{\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"es:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\ttestCluster.Arn,\n\t\t\t\t\t\ttestCluster.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\t\t\t\treturn fmt.Sprintf(\"%v/*\", arn), nil\n\t\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026iam.GetPolicyDocumentStatementArgs{\n\t\t\t\t\tEffect: pulumi.String(\"Allow\"),\n\t\t\t\t\tActions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeVpcs\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeVpcAttribute\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeSubnets\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeSecurityGroups\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DescribeNetworkInterfaces\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:CreateNetworkInterface\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:CreateNetworkInterfacePermission\"),\n\t\t\t\t\t\tpulumi.String(\"ec2:DeleteNetworkInterface\"),\n\t\t\t\t\t},\n\t\t\t\t\tResources: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose-elasticsearch\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"elasticsearch\"),\n\t\t\tRole: pulumi.Any(firehose.Id),\n\t\t\tPolicy: pulumi.String(firehose_elasticsearch.ApplyT(func(firehose_elasticsearch iam.GetPolicyDocumentResult) (*string, error) {\n\t\t\t\treturn \u0026firehose_elasticsearch.Json, nil\n\t\t\t}).(pulumi.StringPtrOutput)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-es\"),\n\t\t\tDestination: pulumi.String(\"elasticsearch\"),\n\t\t\tElasticsearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tTypeName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t},\n\t\t\t\tVpcConfig: \u0026kinesis.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs{\n\t\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\t\tsecond.Id,\n\t\t\t\t\t},\n\t\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\t\tfirst.Id,\n\t\t\t\t\t},\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirehose_elasticsearchRolePolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.elasticsearch.Domain;\nimport com.pulumi.aws.elasticsearch.DomainArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.elasticsearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder()\n .domainName(\"es-test\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceCount(2)\n .zoneAwarenessEnabled(true)\n .instanceType(\"t2.small.elasticsearch\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .securityGroupIds(first.id())\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .build())\n .build());\n\n final var firehose-elasticsearch = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions(\"es:*\")\n .resources( \n testCluster.arn(),\n testCluster.arn().applyValue(arn -\u003e String.format(\"%s/*\", arn)))\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .actions( \n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\")\n .resources(\"*\")\n .build())\n .build());\n\n var firehose_elasticsearchRolePolicy = new RolePolicy(\"firehose-elasticsearchRolePolicy\", RolePolicyArgs.builder()\n .name(\"elasticsearch\")\n .role(firehose.id())\n .policy(firehose_elasticsearch.applyValue(firehose_elasticsearch -\u003e firehose_elasticsearch.json()))\n .build());\n\n var test = new FirehoseDeliveryStream(\"test\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-es\")\n .destination(\"elasticsearch\")\n .elasticsearchConfiguration(FirehoseDeliveryStreamElasticsearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehose.arn())\n .indexName(\"test\")\n .typeName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamElasticsearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .build())\n .vpcConfig(FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs.builder()\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .securityGroupIds(first.id())\n .roleArn(firehose.arn())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(firehose_elasticsearchRolePolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:elasticsearch:Domain\n name: test_cluster\n properties:\n domainName: es-test\n clusterConfig:\n instanceCount: 2\n zoneAwarenessEnabled: true\n instanceType: t2.small.elasticsearch\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n vpcOptions:\n securityGroupIds:\n - ${first.id}\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n firehose-elasticsearchRolePolicy:\n type: aws:iam:RolePolicy\n name: firehose-elasticsearch\n properties:\n name: elasticsearch\n role: ${firehose.id}\n policy: ${[\"firehose-elasticsearch\"].json}\n test:\n type: aws:kinesis:FirehoseDeliveryStream\n properties:\n name: kinesis-firehose-es\n destination: elasticsearch\n elasticsearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehose.arn}\n indexName: test\n typeName: test\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n vpcConfig:\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n securityGroupIds:\n - ${first.id}\n roleArn: ${firehose.arn}\n options:\n dependsOn:\n - ${[\"firehose-elasticsearchRolePolicy\"]}\nvariables:\n firehose-elasticsearch:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - effect: Allow\n actions:\n - es:*\n resources:\n - ${testCluster.arn}\n - ${testCluster.arn}/*\n - effect: Allow\n actions:\n - ec2:DescribeVpcs\n - ec2:DescribeVpcAttribute\n - ec2:DescribeSubnets\n - ec2:DescribeSecurityGroups\n - ec2:DescribeNetworkInterfaces\n - ec2:CreateNetworkInterface\n - ec2:CreateNetworkInterfacePermission\n - ec2:DeleteNetworkInterface\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.opensearch.Domain(\"test_cluster\", {domainName: \"firehose-os-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"opensearch\",\n opensearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.opensearch.Domain(\"test_cluster\", domain_name=\"firehose-os-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"opensearch\",\n opensearch_configuration={\n \"domain_arn\": test_cluster.arn,\n \"role_arn\": firehose_role[\"arn\"],\n \"index_name\": \"test\",\n \"s3_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"Lambda\",\n \"parameters\": [{\n \"parameter_name\": \"LambdaArn\",\n \"parameter_value\": f\"{lambda_processor['arn']}:$LATEST\",\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.OpenSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"firehose-os-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"opensearch\",\n OpensearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := opensearch.NewDomain(ctx, \"test_cluster\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"firehose-os-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"opensearch\"),\n\t\t\tOpensearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder()\n .domainName(\"firehose-os-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"opensearch\")\n .opensearchConfiguration(FirehoseDeliveryStreamOpensearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamOpensearchConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:opensearch:Domain\n name: test_cluster\n properties:\n domainName: firehose-os-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: opensearch\n opensearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehoseRole.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Destination With VPC\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.opensearch.Domain(\"test_cluster\", {\n domainName: \"es-test\",\n clusterConfig: {\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n instanceType: \"m4.large.search\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n vpcOptions: {\n securityGroupIds: [first.id],\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n },\n});\nconst firehose_opensearch = new aws.iam.RolePolicy(\"firehose-opensearch\", {\n name: \"opensearch\",\n role: firehose.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"${testCluster.arn}\",\n \"${testCluster.arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n`,\n});\nconst test = new aws.kinesis.FirehoseDeliveryStream(\"test\", {\n name: \"pulumi-kinesis-firehose-os\",\n destination: \"opensearch\",\n opensearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: firehose.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n },\n vpcConfig: {\n subnetIds: [\n firstAwsSubnet.id,\n second.id,\n ],\n securityGroupIds: [first.id],\n roleArn: firehose.arn,\n },\n },\n}, {\n dependsOn: [firehose_opensearch],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.opensearch.Domain(\"test_cluster\",\n domain_name=\"es-test\",\n cluster_config={\n \"instance_count\": 2,\n \"zone_awareness_enabled\": True,\n \"instance_type\": \"m4.large.search\",\n },\n ebs_options={\n \"ebs_enabled\": True,\n \"volume_size\": 10,\n },\n vpc_options={\n \"security_group_ids\": [first[\"id\"]],\n \"subnet_ids\": [\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n })\nfirehose_opensearch = aws.iam.RolePolicy(\"firehose-opensearch\",\n name=\"opensearch\",\n role=firehose[\"id\"],\n policy=pulumi.Output.all(\n testClusterArn=test_cluster.arn,\n testClusterArn1=test_cluster.arn\n).apply(lambda resolved_outputs: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"{resolved_outputs['testClusterArn']}\",\n \"{resolved_outputs['testClusterArn1']}/*\"\n ]\n }},\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }}\n ]\n}}\n\"\"\")\n)\ntest = aws.kinesis.FirehoseDeliveryStream(\"test\",\n name=\"pulumi-kinesis-firehose-os\",\n destination=\"opensearch\",\n opensearch_configuration={\n \"domain_arn\": test_cluster.arn,\n \"role_arn\": firehose[\"arn\"],\n \"index_name\": \"test\",\n \"s3_configuration\": {\n \"role_arn\": firehose[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n },\n \"vpc_config\": {\n \"subnet_ids\": [\n first_aws_subnet[\"id\"],\n second[\"id\"],\n ],\n \"security_group_ids\": [first[\"id\"]],\n \"role_arn\": firehose[\"arn\"],\n },\n },\n opts = pulumi.ResourceOptions(depends_on=[firehose_opensearch]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCluster = new Aws.OpenSearch.Domain(\"test_cluster\", new()\n {\n DomainName = \"es-test\",\n ClusterConfig = new Aws.OpenSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceCount = 2,\n ZoneAwarenessEnabled = true,\n InstanceType = \"m4.large.search\",\n },\n EbsOptions = new Aws.OpenSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n VpcOptions = new Aws.OpenSearch.Inputs.DomainVpcOptionsArgs\n {\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n },\n });\n\n var firehose_opensearch = new Aws.Iam.RolePolicy(\"firehose-opensearch\", new()\n {\n Name = \"opensearch\",\n Role = firehose.Id,\n Policy = Output.Tuple(testCluster.Arn, testCluster.Arn).Apply(values =\u003e\n {\n var testClusterArn = values.Item1;\n var testClusterArn1 = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"es:*\"\"\n ],\n \"\"Resource\"\": [\n \"\"{testClusterArn}\"\",\n \"\"{testClusterArn1}/*\"\"\n ]\n }},\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:DescribeVpcs\"\",\n \"\"ec2:DescribeVpcAttribute\"\",\n \"\"ec2:DescribeSubnets\"\",\n \"\"ec2:DescribeSecurityGroups\"\",\n \"\"ec2:DescribeNetworkInterfaces\"\",\n \"\"ec2:CreateNetworkInterface\"\",\n \"\"ec2:CreateNetworkInterfacePermission\"\",\n \"\"ec2:DeleteNetworkInterface\"\"\n ],\n \"\"Resource\"\": [\n \"\"*\"\"\n ]\n }}\n ]\n}}\n\";\n }),\n });\n\n var test = new Aws.Kinesis.FirehoseDeliveryStream(\"test\", new()\n {\n Name = \"pulumi-kinesis-firehose-os\",\n Destination = \"opensearch\",\n OpensearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = firehose.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n },\n VpcConfig = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs\n {\n SubnetIds = new[]\n {\n firstAwsSubnet.Id,\n second.Id,\n },\n SecurityGroupIds = new[]\n {\n first.Id,\n },\n RoleArn = firehose.Arn,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n firehose_opensearch,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := opensearch.NewDomain(ctx, \"test_cluster\", \u0026opensearch.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"es-test\"),\n\t\t\tClusterConfig: \u0026opensearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceCount: pulumi.Int(2),\n\t\t\t\tZoneAwarenessEnabled: pulumi.Bool(true),\n\t\t\t\tInstanceType: pulumi.String(\"m4.large.search\"),\n\t\t\t},\n\t\t\tEbsOptions: \u0026opensearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tVpcOptions: \u0026opensearch.DomainVpcOptionsArgs{\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tfirst.Id,\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\tsecond.Id,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose-opensearch\", \u0026iam.RolePolicyArgs{\n\t\t\tName: pulumi.String(\"opensearch\"),\n\t\t\tRole: pulumi.Any(firehose.Id),\n\t\t\tPolicy: pulumi.All(testCluster.Arn, testCluster.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\ttestClusterArn := _args[0].(string)\n\t\t\t\ttestClusterArn1 := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"%v\",\n \"%v/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n`, testClusterArn, testClusterArn1), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"pulumi-kinesis-firehose-os\"),\n\t\t\tDestination: pulumi.String(\"opensearch\"),\n\t\t\tOpensearchConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t},\n\t\t\t\tVpcConfig: \u0026kinesis.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs{\n\t\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\t\tfirstAwsSubnet.Id,\n\t\t\t\t\t\tsecond.Id,\n\t\t\t\t\t},\n\t\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\t\tfirst.Id,\n\t\t\t\t\t},\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirehose_opensearch,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.Domain;\nimport com.pulumi.aws.opensearch.DomainArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainClusterConfigArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainEbsOptionsArgs;\nimport com.pulumi.aws.opensearch.inputs.DomainVpcOptionsArgs;\nimport com.pulumi.aws.iam.RolePolicy;\nimport com.pulumi.aws.iam.RolePolicyArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCluster = new Domain(\"testCluster\", DomainArgs.builder()\n .domainName(\"es-test\")\n .clusterConfig(DomainClusterConfigArgs.builder()\n .instanceCount(2)\n .zoneAwarenessEnabled(true)\n .instanceType(\"m4.large.search\")\n .build())\n .ebsOptions(DomainEbsOptionsArgs.builder()\n .ebsEnabled(true)\n .volumeSize(10)\n .build())\n .vpcOptions(DomainVpcOptionsArgs.builder()\n .securityGroupIds(first.id())\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .build())\n .build());\n\n var firehose_opensearch = new RolePolicy(\"firehose-opensearch\", RolePolicyArgs.builder()\n .name(\"opensearch\")\n .role(firehose.id())\n .policy(Output.tuple(testCluster.arn(), testCluster.arn()).applyValue(values -\u003e {\n var testClusterArn = values.t1;\n var testClusterArn1 = values.t2;\n return \"\"\"\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"%s\",\n \"%s/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n\", testClusterArn,testClusterArn1);\n }))\n .build());\n\n var test = new FirehoseDeliveryStream(\"test\", FirehoseDeliveryStreamArgs.builder()\n .name(\"pulumi-kinesis-firehose-os\")\n .destination(\"opensearch\")\n .opensearchConfiguration(FirehoseDeliveryStreamOpensearchConfigurationArgs.builder()\n .domainArn(testCluster.arn())\n .roleArn(firehose.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .build())\n .vpcConfig(FirehoseDeliveryStreamOpensearchConfigurationVpcConfigArgs.builder()\n .subnetIds( \n firstAwsSubnet.id(),\n second.id())\n .securityGroupIds(first.id())\n .roleArn(firehose.arn())\n .build())\n .build())\n .build(), CustomResourceOptions.builder()\n .dependsOn(firehose_opensearch)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCluster:\n type: aws:opensearch:Domain\n name: test_cluster\n properties:\n domainName: es-test\n clusterConfig:\n instanceCount: 2\n zoneAwarenessEnabled: true\n instanceType: m4.large.search\n ebsOptions:\n ebsEnabled: true\n volumeSize: 10\n vpcOptions:\n securityGroupIds:\n - ${first.id}\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n firehose-opensearch:\n type: aws:iam:RolePolicy\n properties:\n name: opensearch\n role: ${firehose.id}\n policy: |\n {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"${testCluster.arn}\",\n \"${testCluster.arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n }\n test:\n type: aws:kinesis:FirehoseDeliveryStream\n properties:\n name: pulumi-kinesis-firehose-os\n destination: opensearch\n opensearchConfiguration:\n domainArn: ${testCluster.arn}\n roleArn: ${firehose.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n vpcConfig:\n subnetIds:\n - ${firstAwsSubnet.id}\n - ${second.id}\n securityGroupIds:\n - ${first.id}\n roleArn: ${firehose.arn}\n options:\n dependsOn:\n - ${[\"firehose-opensearch\"]}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### OpenSearch Serverless Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCollection = new aws.opensearch.ServerlessCollection(\"test_collection\", {name: \"firehose-osserverless-test\"});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"opensearchserverless\",\n opensearchserverlessConfiguration: {\n collectionEndpoint: testCollection.collectionEndpoint,\n roleArn: firehoseRole.arn,\n indexName: \"test\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_collection = aws.opensearch.ServerlessCollection(\"test_collection\", name=\"firehose-osserverless-test\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"opensearchserverless\",\n opensearchserverless_configuration={\n \"collection_endpoint\": test_collection.collection_endpoint,\n \"role_arn\": firehose_role[\"arn\"],\n \"index_name\": \"test\",\n \"s3_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"Lambda\",\n \"parameters\": [{\n \"parameter_name\": \"LambdaArn\",\n \"parameter_value\": f\"{lambda_processor['arn']}:$LATEST\",\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testCollection = new Aws.OpenSearch.ServerlessCollection(\"test_collection\", new()\n {\n Name = \"firehose-osserverless-test\",\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"opensearchserverless\",\n OpensearchserverlessConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs\n {\n CollectionEndpoint = testCollection.CollectionEndpoint,\n RoleArn = firehoseRole.Arn,\n IndexName = \"test\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/opensearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCollection, err := opensearch.NewServerlessCollection(ctx, \"test_collection\", \u0026opensearch.ServerlessCollectionArgs{\n\t\t\tName: pulumi.String(\"firehose-osserverless-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"opensearchserverless\"),\n\t\t\tOpensearchserverlessConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs{\n\t\t\t\tCollectionEndpoint: testCollection.CollectionEndpoint,\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.opensearch.ServerlessCollection;\nimport com.pulumi.aws.opensearch.ServerlessCollectionArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testCollection = new ServerlessCollection(\"testCollection\", ServerlessCollectionArgs.builder()\n .name(\"firehose-osserverless-test\")\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"opensearchserverless\")\n .opensearchserverlessConfiguration(FirehoseDeliveryStreamOpensearchserverlessConfigurationArgs.builder()\n .collectionEndpoint(testCollection.collectionEndpoint())\n .roleArn(firehoseRole.arn())\n .indexName(\"test\")\n .s3Configuration(FirehoseDeliveryStreamOpensearchserverlessConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .processingConfiguration(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamOpensearchserverlessConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testCollection:\n type: aws:opensearch:ServerlessCollection\n name: test_collection\n properties:\n name: firehose-osserverless-test\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: opensearchserverless\n opensearchserverlessConfiguration:\n collectionEndpoint: ${testCollection.collectionEndpoint}\n roleArn: ${firehoseRole.arn}\n indexName: test\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Iceberg Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst currentGetPartition = aws.getPartition({});\nconst currentGetRegion = aws.getRegion({});\nconst bucket = new aws.s3.BucketV2(\"bucket\", {\n bucket: \"test-bucket\",\n forceDestroy: true,\n});\nconst test = new aws.glue.CatalogDatabase(\"test\", {name: \"test\"});\nconst testCatalogTable = new aws.glue.CatalogTable(\"test\", {\n name: \"test\",\n databaseName: test.name,\n parameters: {\n format: \"parquet\",\n },\n tableType: \"EXTERNAL_TABLE\",\n openTableFormatInput: {\n icebergInput: {\n metadataOperation: \"CREATE\",\n version: \"2\",\n },\n },\n storageDescriptor: {\n location: pulumi.interpolate`s3://${bucket.id}`,\n columns: [{\n name: \"my_column_1\",\n type: \"int\",\n }],\n },\n});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"iceberg\",\n icebergConfiguration: {\n roleArn: firehoseRole.arn,\n catalogArn: Promise.all([currentGetPartition, currentGetRegion, current]).then(([currentGetPartition, currentGetRegion, current]) =\u003e `arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:catalog`),\n bufferingSize: 10,\n bufferingInterval: 400,\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n },\n destinationTableConfigurations: [{\n databaseName: test.name,\n tableName: testCatalogTable.name,\n }],\n processingConfiguration: {\n enabled: true,\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ncurrent_get_partition = aws.get_partition()\ncurrent_get_region = aws.get_region()\nbucket = aws.s3.BucketV2(\"bucket\",\n bucket=\"test-bucket\",\n force_destroy=True)\ntest = aws.glue.CatalogDatabase(\"test\", name=\"test\")\ntest_catalog_table = aws.glue.CatalogTable(\"test\",\n name=\"test\",\n database_name=test.name,\n parameters={\n \"format\": \"parquet\",\n },\n table_type=\"EXTERNAL_TABLE\",\n open_table_format_input={\n \"iceberg_input\": {\n \"metadata_operation\": \"CREATE\",\n \"version\": \"2\",\n },\n },\n storage_descriptor={\n \"location\": bucket.id.apply(lambda id: f\"s3://{id}\"),\n \"columns\": [{\n \"name\": \"my_column_1\",\n \"type\": \"int\",\n }],\n })\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"iceberg\",\n iceberg_configuration={\n \"role_arn\": firehose_role[\"arn\"],\n \"catalog_arn\": f\"arn:{current_get_partition.partition}:glue:{current_get_region.name}:{current.account_id}:catalog\",\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"s3_configuration\": {\n \"role_arn\": firehose_role[\"arn\"],\n \"bucket_arn\": bucket.arn,\n },\n \"destination_table_configurations\": [{\n \"database_name\": test.name,\n \"table_name\": test_catalog_table.name,\n }],\n \"processing_configuration\": {\n \"enabled\": True,\n \"processors\": [{\n \"type\": \"Lambda\",\n \"parameters\": [{\n \"parameter_name\": \"LambdaArn\",\n \"parameter_value\": f\"{lambda_processor['arn']}:$LATEST\",\n }],\n }],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var current = Aws.GetCallerIdentity.Invoke();\n\n var currentGetPartition = Aws.GetPartition.Invoke();\n\n var currentGetRegion = Aws.GetRegion.Invoke();\n\n var bucket = new Aws.S3.BucketV2(\"bucket\", new()\n {\n Bucket = \"test-bucket\",\n ForceDestroy = true,\n });\n\n var test = new Aws.Glue.CatalogDatabase(\"test\", new()\n {\n Name = \"test\",\n });\n\n var testCatalogTable = new Aws.Glue.CatalogTable(\"test\", new()\n {\n Name = \"test\",\n DatabaseName = test.Name,\n Parameters = \n {\n { \"format\", \"parquet\" },\n },\n TableType = \"EXTERNAL_TABLE\",\n OpenTableFormatInput = new Aws.Glue.Inputs.CatalogTableOpenTableFormatInputArgs\n {\n IcebergInput = new Aws.Glue.Inputs.CatalogTableOpenTableFormatInputIcebergInputArgs\n {\n MetadataOperation = \"CREATE\",\n Version = \"2\",\n },\n },\n StorageDescriptor = new Aws.Glue.Inputs.CatalogTableStorageDescriptorArgs\n {\n Location = bucket.Id.Apply(id =\u003e $\"s3://{id}\"),\n Columns = new[]\n {\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Name = \"my_column_1\",\n Type = \"int\",\n },\n },\n },\n });\n\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"iceberg\",\n IcebergConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n CatalogArn = Output.Tuple(currentGetPartition, currentGetRegion, current).Apply(values =\u003e\n {\n var currentGetPartition = values.Item1;\n var currentGetRegion = values.Item2;\n var current = values.Item3;\n return $\"arn:{currentGetPartition.Apply(getPartitionResult =\u003e getPartitionResult.Partition)}:glue:{currentGetRegion.Apply(getRegionResult =\u003e getRegionResult.Name)}:{current.Apply(getCallerIdentityResult =\u003e getCallerIdentityResult.AccountId)}:catalog\";\n }),\n BufferingSize = 10,\n BufferingInterval = 400,\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n },\n DestinationTableConfigurations = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationDestinationTableConfigurationArgs\n {\n DatabaseName = test.Name,\n TableName = testCatalogTable.Name,\n },\n },\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{lambdaProcessor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, \u0026aws.GetCallerIdentityArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetPartition, err := aws.GetPartition(ctx, \u0026aws.GetPartitionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentGetRegion, err := aws.GetRegion(ctx, \u0026aws.GetRegionArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucketV2(ctx, \"bucket\", \u0026s3.BucketV2Args{\n\t\t\tBucket: pulumi.String(\"test-bucket\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := glue.NewCatalogDatabase(ctx, \"test\", \u0026glue.CatalogDatabaseArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestCatalogTable, err := glue.NewCatalogTable(ctx, \"test\", \u0026glue.CatalogTableArgs{\n\t\t\tName: pulumi.String(\"test\"),\n\t\t\tDatabaseName: test.Name,\n\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\"format\": pulumi.String(\"parquet\"),\n\t\t\t},\n\t\t\tTableType: pulumi.String(\"EXTERNAL_TABLE\"),\n\t\t\tOpenTableFormatInput: \u0026glue.CatalogTableOpenTableFormatInputArgs{\n\t\t\t\tIcebergInput: \u0026glue.CatalogTableOpenTableFormatInputIcebergInputArgs{\n\t\t\t\t\tMetadataOperation: pulumi.String(\"CREATE\"),\n\t\t\t\t\tVersion: pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tStorageDescriptor: \u0026glue.CatalogTableStorageDescriptorArgs{\n\t\t\t\tLocation: bucket.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\treturn fmt.Sprintf(\"s3://%v\", id), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tColumns: glue.CatalogTableStorageDescriptorColumnArray{\n\t\t\t\t\t\u0026glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tName: pulumi.String(\"my_column_1\"),\n\t\t\t\t\t\tType: pulumi.String(\"int\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"iceberg\"),\n\t\t\tIcebergConfiguration: \u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\tCatalogArn: pulumi.Sprintf(\"arn:%v:glue:%v:%v:catalog\", currentGetPartition.Partition, currentGetRegion.Name, current.AccountId),\n\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehoseRole.Arn),\n\t\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t\t},\n\t\t\t\tDestinationTableConfigurations: kinesis.FirehoseDeliveryStreamIcebergConfigurationDestinationTableConfigurationArray{\n\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationDestinationTableConfigurationArgs{\n\t\t\t\t\t\tDatabaseName: test.Name,\n\t\t\t\t\t\tTableName: testCatalogTable.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tProcessingConfiguration: \u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.Sprintf(\"%v:$LATEST\", lambdaProcessor.Arn),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.AwsFunctions;\nimport com.pulumi.aws.inputs.GetCallerIdentityArgs;\nimport com.pulumi.aws.inputs.GetPartitionArgs;\nimport com.pulumi.aws.inputs.GetRegionArgs;\nimport com.pulumi.aws.s3.BucketV2;\nimport com.pulumi.aws.s3.BucketV2Args;\nimport com.pulumi.aws.glue.CatalogDatabase;\nimport com.pulumi.aws.glue.CatalogDatabaseArgs;\nimport com.pulumi.aws.glue.CatalogTable;\nimport com.pulumi.aws.glue.CatalogTableArgs;\nimport com.pulumi.aws.glue.inputs.CatalogTableOpenTableFormatInputArgs;\nimport com.pulumi.aws.glue.inputs.CatalogTableOpenTableFormatInputIcebergInputArgs;\nimport com.pulumi.aws.glue.inputs.CatalogTableStorageDescriptorArgs;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamIcebergConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamIcebergConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var current = AwsFunctions.getCallerIdentity();\n\n final var currentGetPartition = AwsFunctions.getPartition();\n\n final var currentGetRegion = AwsFunctions.getRegion();\n\n var bucket = new BucketV2(\"bucket\", BucketV2Args.builder()\n .bucket(\"test-bucket\")\n .forceDestroy(true)\n .build());\n\n var test = new CatalogDatabase(\"test\", CatalogDatabaseArgs.builder()\n .name(\"test\")\n .build());\n\n var testCatalogTable = new CatalogTable(\"testCatalogTable\", CatalogTableArgs.builder()\n .name(\"test\")\n .databaseName(test.name())\n .parameters(Map.of(\"format\", \"parquet\"))\n .tableType(\"EXTERNAL_TABLE\")\n .openTableFormatInput(CatalogTableOpenTableFormatInputArgs.builder()\n .icebergInput(CatalogTableOpenTableFormatInputIcebergInputArgs.builder()\n .metadataOperation(\"CREATE\")\n .version(2)\n .build())\n .build())\n .storageDescriptor(CatalogTableStorageDescriptorArgs.builder()\n .location(bucket.id().applyValue(id -\u003e String.format(\"s3://%s\", id)))\n .columns(CatalogTableStorageDescriptorColumnArgs.builder()\n .name(\"my_column_1\")\n .type(\"int\")\n .build())\n .build())\n .build());\n\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"iceberg\")\n .icebergConfiguration(FirehoseDeliveryStreamIcebergConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .catalogArn(String.format(\"arn:%s:glue:%s:%s:catalog\", currentGetPartition.applyValue(getPartitionResult -\u003e getPartitionResult.partition()),currentGetRegion.applyValue(getRegionResult -\u003e getRegionResult.name()),current.applyValue(getCallerIdentityResult -\u003e getCallerIdentityResult.accountId())))\n .bufferingSize(10)\n .bufferingInterval(400)\n .s3Configuration(FirehoseDeliveryStreamIcebergConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehoseRole.arn())\n .bucketArn(bucket.arn())\n .build())\n .destinationTableConfigurations(FirehoseDeliveryStreamIcebergConfigurationDestinationTableConfigurationArgs.builder()\n .databaseName(test.name())\n .tableName(testCatalogTable.name())\n .build())\n .processingConfiguration(FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationArgs.builder()\n .enabled(\"true\")\n .processors(FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorArgs.builder()\n .type(\"Lambda\")\n .parameters(FirehoseDeliveryStreamIcebergConfigurationProcessingConfigurationProcessorParameterArgs.builder()\n .parameterName(\"LambdaArn\")\n .parameterValue(String.format(\"%s:$LATEST\", lambdaProcessor.arn()))\n .build())\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n bucket:\n type: aws:s3:BucketV2\n properties:\n bucket: test-bucket\n forceDestroy: true\n test:\n type: aws:glue:CatalogDatabase\n properties:\n name: test\n testCatalogTable:\n type: aws:glue:CatalogTable\n name: test\n properties:\n name: test\n databaseName: ${test.name}\n parameters:\n format: parquet\n tableType: EXTERNAL_TABLE\n openTableFormatInput:\n icebergInput:\n metadataOperation: CREATE\n version: 2\n storageDescriptor:\n location: s3://${bucket.id}\n columns:\n - name: my_column_1\n type: int\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: iceberg\n icebergConfiguration:\n roleArn: ${firehoseRole.arn}\n catalogArn: arn:${currentGetPartition.partition}:glue:${currentGetRegion.name}:${current.accountId}:catalog\n bufferingSize: 10\n bufferingInterval: 400\n s3Configuration:\n roleArn: ${firehoseRole.arn}\n bucketArn: ${bucket.arn}\n destinationTableConfigurations:\n - databaseName: ${test.name}\n tableName: ${testCatalogTable.name}\n processingConfiguration:\n enabled: 'true'\n processors:\n - type: Lambda\n parameters:\n - parameterName: LambdaArn\n parameterValue: ${lambdaProcessor.arn}:$LATEST\nvariables:\n current:\n fn::invoke:\n function: aws:getCallerIdentity\n arguments: {}\n currentGetPartition:\n fn::invoke:\n function: aws:getPartition\n arguments: {}\n currentGetRegion:\n fn::invoke:\n function: aws:getRegion\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Splunk Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"splunk\",\n splunkConfiguration: {\n hecEndpoint: \"https://http-inputs-mydomain.splunkcloud.com:443\",\n hecToken: \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n hecAcknowledgmentTimeout: 600,\n hecEndpointType: \"Event\",\n s3BackupMode: \"FailedEventsOnly\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"splunk\",\n splunk_configuration={\n \"hec_endpoint\": \"https://http-inputs-mydomain.splunkcloud.com:443\",\n \"hec_token\": \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n \"hec_acknowledgment_timeout\": 600,\n \"hec_endpoint_type\": \"Event\",\n \"s3_backup_mode\": \"FailedEventsOnly\",\n \"s3_configuration\": {\n \"role_arn\": firehose[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"splunk\",\n SplunkConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSplunkConfigurationArgs\n {\n HecEndpoint = \"https://http-inputs-mydomain.splunkcloud.com:443\",\n HecToken = \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n HecAcknowledgmentTimeout = 600,\n HecEndpointType = \"Event\",\n S3BackupMode = \"FailedEventsOnly\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"splunk\"),\n\t\t\tSplunkConfiguration: \u0026kinesis.FirehoseDeliveryStreamSplunkConfigurationArgs{\n\t\t\t\tHecEndpoint: pulumi.String(\"https://http-inputs-mydomain.splunkcloud.com:443\"),\n\t\t\t\tHecToken: pulumi.String(\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\"),\n\t\t\t\tHecAcknowledgmentTimeout: pulumi.Int(600),\n\t\t\t\tHecEndpointType: pulumi.String(\"Event\"),\n\t\t\t\tS3BackupMode: pulumi.String(\"FailedEventsOnly\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSplunkConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"splunk\")\n .splunkConfiguration(FirehoseDeliveryStreamSplunkConfigurationArgs.builder()\n .hecEndpoint(\"https://http-inputs-mydomain.splunkcloud.com:443\")\n .hecToken(\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\")\n .hecAcknowledgmentTimeout(600)\n .hecEndpointType(\"Event\")\n .s3BackupMode(\"FailedEventsOnly\")\n .s3Configuration(FirehoseDeliveryStreamSplunkConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: splunk\n splunkConfiguration:\n hecEndpoint: https://http-inputs-mydomain.splunkcloud.com:443\n hecToken: 51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\n hecAcknowledgmentTimeout: 600\n hecEndpointType: Event\n s3BackupMode: FailedEventsOnly\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### HTTP Endpoint (e.g., New Relic) Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"test_stream\", {\n name: \"kinesis-firehose-test-stream\",\n destination: \"http_endpoint\",\n httpEndpointConfiguration: {\n url: \"https://aws-api.newrelic.com/firehose/v1\",\n name: \"New Relic\",\n accessKey: \"my-key\",\n bufferingSize: 15,\n bufferingInterval: 600,\n roleArn: firehose.arn,\n s3BackupMode: \"FailedDataOnly\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n requestConfiguration: {\n contentEncoding: \"GZIP\",\n commonAttributes: [\n {\n name: \"testname\",\n value: \"testvalue\",\n },\n {\n name: \"testname2\",\n value: \"testvalue2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"test_stream\",\n name=\"kinesis-firehose-test-stream\",\n destination=\"http_endpoint\",\n http_endpoint_configuration={\n \"url\": \"https://aws-api.newrelic.com/firehose/v1\",\n \"name\": \"New Relic\",\n \"access_key\": \"my-key\",\n \"buffering_size\": 15,\n \"buffering_interval\": 600,\n \"role_arn\": firehose[\"arn\"],\n \"s3_backup_mode\": \"FailedDataOnly\",\n \"s3_configuration\": {\n \"role_arn\": firehose[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n \"request_configuration\": {\n \"content_encoding\": \"GZIP\",\n \"common_attributes\": [\n {\n \"name\": \"testname\",\n \"value\": \"testvalue\",\n },\n {\n \"name\": \"testname2\",\n \"value\": \"testvalue2\",\n },\n ],\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"test_stream\", new()\n {\n Name = \"kinesis-firehose-test-stream\",\n Destination = \"http_endpoint\",\n HttpEndpointConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationArgs\n {\n Url = \"https://aws-api.newrelic.com/firehose/v1\",\n Name = \"New Relic\",\n AccessKey = \"my-key\",\n BufferingSize = 15,\n BufferingInterval = 600,\n RoleArn = firehose.Arn,\n S3BackupMode = \"FailedDataOnly\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n RequestConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs\n {\n ContentEncoding = \"GZIP\",\n CommonAttributes = new[]\n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs\n {\n Name = \"testname\",\n Value = \"testvalue\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs\n {\n Name = \"testname2\",\n Value = \"testvalue2\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"test_stream\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"kinesis-firehose-test-stream\"),\n\t\t\tDestination: pulumi.String(\"http_endpoint\"),\n\t\t\tHttpEndpointConfiguration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationArgs{\n\t\t\t\tUrl: pulumi.String(\"https://aws-api.newrelic.com/firehose/v1\"),\n\t\t\t\tName: pulumi.String(\"New Relic\"),\n\t\t\t\tAccessKey: pulumi.String(\"my-key\"),\n\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\tBufferingInterval: pulumi.Int(600),\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tS3BackupMode: pulumi.String(\"FailedDataOnly\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t\tRequestConfiguration: \u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs{\n\t\t\t\t\tContentEncoding: pulumi.String(\"GZIP\"),\n\t\t\t\t\tCommonAttributes: kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArray{\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"testname\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"testvalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"testname2\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"testvalue2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testStream = new FirehoseDeliveryStream(\"testStream\", FirehoseDeliveryStreamArgs.builder()\n .name(\"kinesis-firehose-test-stream\")\n .destination(\"http_endpoint\")\n .httpEndpointConfiguration(FirehoseDeliveryStreamHttpEndpointConfigurationArgs.builder()\n .url(\"https://aws-api.newrelic.com/firehose/v1\")\n .name(\"New Relic\")\n .accessKey(\"my-key\")\n .bufferingSize(15)\n .bufferingInterval(600)\n .roleArn(firehose.arn())\n .s3BackupMode(\"FailedDataOnly\")\n .s3Configuration(FirehoseDeliveryStreamHttpEndpointConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .requestConfiguration(FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs.builder()\n .contentEncoding(\"GZIP\")\n .commonAttributes( \n FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs.builder()\n .name(\"testname\")\n .value(\"testvalue\")\n .build(),\n FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs.builder()\n .name(\"testname2\")\n .value(\"testvalue2\")\n .build())\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testStream:\n type: aws:kinesis:FirehoseDeliveryStream\n name: test_stream\n properties:\n name: kinesis-firehose-test-stream\n destination: http_endpoint\n httpEndpointConfiguration:\n url: https://aws-api.newrelic.com/firehose/v1\n name: New Relic\n accessKey: my-key\n bufferingSize: 15\n bufferingInterval: 600\n roleArn: ${firehose.arn}\n s3BackupMode: FailedDataOnly\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n requestConfiguration:\n contentEncoding: GZIP\n commonAttributes:\n - name: testname\n value: testvalue\n - name: testname2\n value: testvalue2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Snowflake Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleSnowflakeDestination = new aws.kinesis.FirehoseDeliveryStream(\"example_snowflake_destination\", {\n name: \"example-snowflake-destination\",\n destination: \"snowflake\",\n snowflakeConfiguration: {\n accountUrl: \"https://example.snowflakecomputing.com\",\n bufferingSize: 15,\n bufferingInterval: 600,\n database: \"example-db\",\n privateKey: \"...\",\n roleArn: firehose.arn,\n schema: \"example-schema\",\n table: \"example-table\",\n user: \"example-usr\",\n s3Configuration: {\n roleArn: firehose.arn,\n bucketArn: bucket.arn,\n bufferingSize: 10,\n bufferingInterval: 400,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_snowflake_destination = aws.kinesis.FirehoseDeliveryStream(\"example_snowflake_destination\",\n name=\"example-snowflake-destination\",\n destination=\"snowflake\",\n snowflake_configuration={\n \"account_url\": \"https://example.snowflakecomputing.com\",\n \"buffering_size\": 15,\n \"buffering_interval\": 600,\n \"database\": \"example-db\",\n \"private_key\": \"...\",\n \"role_arn\": firehose[\"arn\"],\n \"schema\": \"example-schema\",\n \"table\": \"example-table\",\n \"user\": \"example-usr\",\n \"s3_configuration\": {\n \"role_arn\": firehose[\"arn\"],\n \"bucket_arn\": bucket[\"arn\"],\n \"buffering_size\": 10,\n \"buffering_interval\": 400,\n \"compression_format\": \"GZIP\",\n },\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var exampleSnowflakeDestination = new Aws.Kinesis.FirehoseDeliveryStream(\"example_snowflake_destination\", new()\n {\n Name = \"example-snowflake-destination\",\n Destination = \"snowflake\",\n SnowflakeConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSnowflakeConfigurationArgs\n {\n AccountUrl = \"https://example.snowflakecomputing.com\",\n BufferingSize = 15,\n BufferingInterval = 600,\n Database = \"example-db\",\n PrivateKey = \"...\",\n RoleArn = firehose.Arn,\n Schema = \"example-schema\",\n Table = \"example-table\",\n User = \"example-usr\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSnowflakeConfigurationS3ConfigurationArgs\n {\n RoleArn = firehose.Arn,\n BucketArn = bucket.Arn,\n BufferingSize = 10,\n BufferingInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"example_snowflake_destination\", \u0026kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tName: pulumi.String(\"example-snowflake-destination\"),\n\t\t\tDestination: pulumi.String(\"snowflake\"),\n\t\t\tSnowflakeConfiguration: \u0026kinesis.FirehoseDeliveryStreamSnowflakeConfigurationArgs{\n\t\t\t\tAccountUrl: pulumi.String(\"https://example.snowflakecomputing.com\"),\n\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\tBufferingInterval: pulumi.Int(600),\n\t\t\t\tDatabase: pulumi.String(\"example-db\"),\n\t\t\t\tPrivateKey: pulumi.String(\"...\"),\n\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\tSchema: pulumi.String(\"example-schema\"),\n\t\t\t\tTable: pulumi.String(\"example-table\"),\n\t\t\t\tUser: pulumi.String(\"example-usr\"),\n\t\t\t\tS3Configuration: \u0026kinesis.FirehoseDeliveryStreamSnowflakeConfigurationS3ConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(firehose.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(bucket.Arn),\n\t\t\t\t\tBufferingSize: pulumi.Int(10),\n\t\t\t\t\tBufferingInterval: pulumi.Int(400),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStream;\nimport com.pulumi.aws.kinesis.FirehoseDeliveryStreamArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSnowflakeConfigurationArgs;\nimport com.pulumi.aws.kinesis.inputs.FirehoseDeliveryStreamSnowflakeConfigurationS3ConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var exampleSnowflakeDestination = new FirehoseDeliveryStream(\"exampleSnowflakeDestination\", FirehoseDeliveryStreamArgs.builder()\n .name(\"example-snowflake-destination\")\n .destination(\"snowflake\")\n .snowflakeConfiguration(FirehoseDeliveryStreamSnowflakeConfigurationArgs.builder()\n .accountUrl(\"https://example.snowflakecomputing.com\")\n .bufferingSize(15)\n .bufferingInterval(600)\n .database(\"example-db\")\n .privateKey(\"...\")\n .roleArn(firehose.arn())\n .schema(\"example-schema\")\n .table(\"example-table\")\n .user(\"example-usr\")\n .s3Configuration(FirehoseDeliveryStreamSnowflakeConfigurationS3ConfigurationArgs.builder()\n .roleArn(firehose.arn())\n .bucketArn(bucket.arn())\n .bufferingSize(10)\n .bufferingInterval(400)\n .compressionFormat(\"GZIP\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n exampleSnowflakeDestination:\n type: aws:kinesis:FirehoseDeliveryStream\n name: example_snowflake_destination\n properties:\n name: example-snowflake-destination\n destination: snowflake\n snowflakeConfiguration:\n accountUrl: https://example.snowflakecomputing.com\n bufferingSize: 15\n bufferingInterval: 600\n database: example-db\n privateKey: '...'\n roleArn: ${firehose.arn}\n schema: example-schema\n table: example-table\n user: example-usr\n s3Configuration:\n roleArn: ${firehose.arn}\n bucketArn: ${bucket.arn}\n bufferingSize: 10\n bufferingInterval: 400\n compressionFormat: GZIP\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Kinesis Firehose Delivery streams using the stream ARN. For example:\n\n```sh\n$ pulumi import aws:kinesis/firehoseDeliveryStream:FirehoseDeliveryStream foo arn:aws:firehose:us-east-1:XXX:deliverystream/example\n```\nNote: Import does not work for stream destination `s3`. Consider using `extended_s3` since `s3` destination is deprecated.\n\n", "properties": { "arn": { "type": "string", @@ -302386,7 +302386,7 @@ } }, "aws:lightsail/containerService:ContainerService": { - "description": "An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run,\nand manage containers. For more information, see\n[Container services in Amazon Lightsail](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-container-services).\n\n\u003e **Note:** For more information about the AWS Regions in which you can create Amazon Lightsail container services,\nsee [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail).\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"my_container_service\", {\n name: \"container-service-1\",\n power: \"nano\",\n scale: 1,\n isDisabled: false,\n tags: {\n foo1: \"bar1\",\n foo2: \"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"my_container_service\",\n name=\"container-service-1\",\n power=\"nano\",\n scale=1,\n is_disabled=False,\n tags={\n \"foo1\": \"bar1\",\n \"foo2\": \"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"my_container_service\", new()\n {\n Name = \"container-service-1\",\n Power = \"nano\",\n Scale = 1,\n IsDisabled = false,\n Tags = \n {\n { \"foo1\", \"bar1\" },\n { \"foo2\", \"\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"my_container_service\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tName: pulumi.String(\"container-service-1\"),\n\t\t\tPower: pulumi.String(\"nano\"),\n\t\t\tScale: pulumi.Int(1),\n\t\t\tIsDisabled: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo1\": pulumi.String(\"bar1\"),\n\t\t\t\t\"foo2\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder()\n .name(\"container-service-1\")\n .power(\"nano\")\n .scale(1)\n .isDisabled(false)\n .tags(Map.ofEntries(\n Map.entry(\"foo1\", \"bar1\"),\n Map.entry(\"foo2\", \"\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n name: my_container_service\n properties:\n name: container-service-1\n power: nano\n scale: 1\n isDisabled: false\n tags:\n foo1: bar1\n foo2: \"\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Public Domain Names\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"my_container_service\", {publicDomainNames: {\n certificates: [{\n certificateName: \"example-certificate\",\n domainNames: [\"www.example.com\"],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"my_container_service\", public_domain_names={\n \"certificates\": [{\n \"certificate_name\": \"example-certificate\",\n \"domain_names\": [\"www.example.com\"],\n }],\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"my_container_service\", new()\n {\n PublicDomainNames = new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesArgs\n {\n Certificates = new[]\n {\n new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesCertificateArgs\n {\n CertificateName = \"example-certificate\",\n DomainNames = new[]\n {\n \"www.example.com\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"my_container_service\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tPublicDomainNames: \u0026lightsail.ContainerServicePublicDomainNamesArgs{\n\t\t\t\tCertificates: lightsail.ContainerServicePublicDomainNamesCertificateArray{\n\t\t\t\t\t\u0026lightsail.ContainerServicePublicDomainNamesCertificateArgs{\n\t\t\t\t\t\tCertificateName: pulumi.String(\"example-certificate\"),\n\t\t\t\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePublicDomainNamesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder()\n .publicDomainNames(ContainerServicePublicDomainNamesArgs.builder()\n .certificates(ContainerServicePublicDomainNamesCertificateArgs.builder()\n .certificateName(\"example-certificate\")\n .domainNames(\"www.example.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n name: my_container_service\n properties:\n publicDomainNames:\n certificates:\n - certificateName: example-certificate\n domainNames:\n - www.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Private Registry Access\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultContainerService = new aws.lightsail.ContainerService(\"default\", {privateRegistryAccess: {\n ecrImagePullerRole: {\n isActive: true,\n },\n}});\nconst default = defaultContainerService.privateRegistryAccess.apply(privateRegistryAccess =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [privateRegistryAccess.ecrImagePullerRole?.principalArn],\n }],\n actions: [\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n }],\n}));\nconst defaultRepositoryPolicy = new aws.ecr.RepositoryPolicy(\"default\", {\n repository: defaultAwsEcrRepository.name,\n policy: _default.apply(_default =\u003e _default.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_container_service = aws.lightsail.ContainerService(\"default\", private_registry_access={\n \"ecr_image_puller_role\": {\n \"is_active\": True,\n },\n})\ndefault = default_container_service.private_registry_access.apply(lambda private_registry_access: aws.iam.get_policy_document_output(statements=[{\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"AWS\",\n \"identifiers\": [private_registry_access.ecr_image_puller_role.principal_arn],\n }],\n \"actions\": [\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n}]))\ndefault_repository_policy = aws.ecr.RepositoryPolicy(\"default\",\n repository=default_aws_ecr_repository[\"name\"],\n policy=default.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultContainerService = new Aws.LightSail.ContainerService(\"default\", new()\n {\n PrivateRegistryAccess = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessArgs\n {\n EcrImagePullerRole = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs\n {\n IsActive = true,\n },\n },\n });\n\n var @default = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n defaultContainerService.PrivateRegistryAccess.EcrImagePullerRole?.PrincipalArn,\n },\n },\n },\n Actions = new[]\n {\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n },\n },\n },\n });\n\n var defaultRepositoryPolicy = new Aws.Ecr.RepositoryPolicy(\"default\", new()\n {\n Repository = defaultAwsEcrRepository.Name,\n Policy = @default.Apply(@default =\u003e @default.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ndefaultContainerService, err := lightsail.NewContainerService(ctx, \"default\", \u0026lightsail.ContainerServiceArgs{\nPrivateRegistryAccess: \u0026lightsail.ContainerServicePrivateRegistryAccessArgs{\nEcrImagePullerRole: \u0026lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs{\nIsActive: pulumi.Bool(true),\n},\n},\n})\nif err != nil {\nreturn err\n}\n_default := defaultContainerService.PrivateRegistryAccess.ApplyT(func(privateRegistryAccess lightsail.ContainerServicePrivateRegistryAccess) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentResult(interface{}(iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nprivateRegistryAccess.EcrImagePullerRole.PrincipalArn,\n},\n},\n},\nActions: []string{\n\"ecr:BatchGetImage\",\n\"ecr:GetDownloadUrlForLayer\",\n},\n},\n},\n}, nil))), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = ecr.NewRepositoryPolicy(ctx, \"default\", \u0026ecr.RepositoryPolicyArgs{\nRepository: pulumi.Any(defaultAwsEcrRepository.Name),\nPolicy: pulumi.String(_default.ApplyT(func(_default iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026default.Json, nil\n}).(pulumi.StringPtrOutput)),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ecr.RepositoryPolicy;\nimport com.pulumi.aws.ecr.RepositoryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultContainerService = new ContainerService(\"defaultContainerService\", ContainerServiceArgs.builder()\n .privateRegistryAccess(ContainerServicePrivateRegistryAccessArgs.builder()\n .ecrImagePullerRole(ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs.builder()\n .isActive(true)\n .build())\n .build())\n .build());\n\n final var default = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(defaultContainerService.privateRegistryAccess().applyValue(privateRegistryAccess -\u003e privateRegistryAccess.ecrImagePullerRole().principalArn()))\n .build())\n .actions( \n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\")\n .build())\n .build());\n\n var defaultRepositoryPolicy = new RepositoryPolicy(\"defaultRepositoryPolicy\", RepositoryPolicyArgs.builder()\n .repository(defaultAwsEcrRepository.name())\n .policy(default_.applyValue(default_ -\u003e default_.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultContainerService:\n type: aws:lightsail:ContainerService\n name: default\n properties:\n privateRegistryAccess:\n ecrImagePullerRole:\n isActive: true\n defaultRepositoryPolicy:\n type: aws:ecr:RepositoryPolicy\n name: default\n properties:\n repository: ${defaultAwsEcrRepository.name}\n policy: ${default.json}\nvariables:\n default:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${defaultContainerService.privateRegistryAccess.ecrImagePullerRole.principalArn}\n actions:\n - ecr:BatchGetImage\n - ecr:GetDownloadUrlForLayer\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Lightsail Container Service using the `name`. For example:\n\n```sh\n$ pulumi import aws:lightsail/containerService:ContainerService my_container_service container-service-1\n```\n", + "description": "An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run,\nand manage containers. For more information, see\n[Container services in Amazon Lightsail](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-container-services).\n\n\u003e **Note:** For more information about the AWS Regions in which you can create Amazon Lightsail container services,\nsee [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail).\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"my_container_service\", {\n name: \"container-service-1\",\n power: \"nano\",\n scale: 1,\n isDisabled: false,\n tags: {\n foo1: \"bar1\",\n foo2: \"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"my_container_service\",\n name=\"container-service-1\",\n power=\"nano\",\n scale=1,\n is_disabled=False,\n tags={\n \"foo1\": \"bar1\",\n \"foo2\": \"\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"my_container_service\", new()\n {\n Name = \"container-service-1\",\n Power = \"nano\",\n Scale = 1,\n IsDisabled = false,\n Tags = \n {\n { \"foo1\", \"bar1\" },\n { \"foo2\", \"\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"my_container_service\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tName: pulumi.String(\"container-service-1\"),\n\t\t\tPower: pulumi.String(\"nano\"),\n\t\t\tScale: pulumi.Int(1),\n\t\t\tIsDisabled: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo1\": pulumi.String(\"bar1\"),\n\t\t\t\t\"foo2\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder()\n .name(\"container-service-1\")\n .power(\"nano\")\n .scale(1)\n .isDisabled(false)\n .tags(Map.ofEntries(\n Map.entry(\"foo1\", \"bar1\"),\n Map.entry(\"foo2\", \"\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n name: my_container_service\n properties:\n name: container-service-1\n power: nano\n scale: 1\n isDisabled: false\n tags:\n foo1: bar1\n foo2: \"\"\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Public Domain Names\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myContainerService = new aws.lightsail.ContainerService(\"my_container_service\", {publicDomainNames: {\n certificates: [{\n certificateName: \"example-certificate\",\n domainNames: [\"www.example.com\"],\n }],\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_container_service = aws.lightsail.ContainerService(\"my_container_service\", public_domain_names={\n \"certificates\": [{\n \"certificate_name\": \"example-certificate\",\n \"domain_names\": [\"www.example.com\"],\n }],\n})\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var myContainerService = new Aws.LightSail.ContainerService(\"my_container_service\", new()\n {\n PublicDomainNames = new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesArgs\n {\n Certificates = new[]\n {\n new Aws.LightSail.Inputs.ContainerServicePublicDomainNamesCertificateArgs\n {\n CertificateName = \"example-certificate\",\n DomainNames = new[]\n {\n \"www.example.com\",\n },\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewContainerService(ctx, \"my_container_service\", \u0026lightsail.ContainerServiceArgs{\n\t\t\tPublicDomainNames: \u0026lightsail.ContainerServicePublicDomainNamesArgs{\n\t\t\t\tCertificates: lightsail.ContainerServicePublicDomainNamesCertificateArray{\n\t\t\t\t\t\u0026lightsail.ContainerServicePublicDomainNamesCertificateArgs{\n\t\t\t\t\t\tCertificateName: pulumi.String(\"example-certificate\"),\n\t\t\t\t\t\tDomainNames: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"www.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePublicDomainNamesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myContainerService = new ContainerService(\"myContainerService\", ContainerServiceArgs.builder()\n .publicDomainNames(ContainerServicePublicDomainNamesArgs.builder()\n .certificates(ContainerServicePublicDomainNamesCertificateArgs.builder()\n .certificateName(\"example-certificate\")\n .domainNames(\"www.example.com\")\n .build())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myContainerService:\n type: aws:lightsail:ContainerService\n name: my_container_service\n properties:\n publicDomainNames:\n certificates:\n - certificateName: example-certificate\n domainNames:\n - www.example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Private Registry Access\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultContainerService = new aws.lightsail.ContainerService(\"default\", {privateRegistryAccess: {\n ecrImagePullerRole: {\n isActive: true,\n },\n}});\nconst _default = defaultContainerService.privateRegistryAccess.apply(privateRegistryAccess =\u003e aws.iam.getPolicyDocumentOutput({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [privateRegistryAccess.ecrImagePullerRole?.principalArn],\n }],\n actions: [\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n }],\n}));\nconst defaultRepositoryPolicy = new aws.ecr.RepositoryPolicy(\"default\", {\n repository: defaultAwsEcrRepository.name,\n policy: _default.apply(_default =\u003e _default.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_container_service = aws.lightsail.ContainerService(\"default\", private_registry_access={\n \"ecr_image_puller_role\": {\n \"is_active\": True,\n },\n})\ndefault = default_container_service.private_registry_access.apply(lambda private_registry_access: aws.iam.get_policy_document_output(statements=[{\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"AWS\",\n \"identifiers\": [private_registry_access.ecr_image_puller_role.principal_arn],\n }],\n \"actions\": [\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n ],\n}]))\ndefault_repository_policy = aws.ecr.RepositoryPolicy(\"default\",\n repository=default_aws_ecr_repository[\"name\"],\n policy=default.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultContainerService = new Aws.LightSail.ContainerService(\"default\", new()\n {\n PrivateRegistryAccess = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessArgs\n {\n EcrImagePullerRole = new Aws.LightSail.Inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs\n {\n IsActive = true,\n },\n },\n });\n\n var @default = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n defaultContainerService.PrivateRegistryAccess.EcrImagePullerRole?.PrincipalArn,\n },\n },\n },\n Actions = new[]\n {\n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\",\n },\n },\n },\n });\n\n var defaultRepositoryPolicy = new Aws.Ecr.RepositoryPolicy(\"default\", new()\n {\n Repository = defaultAwsEcrRepository.Name,\n Policy = @default.Apply(@default =\u003e @default.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ndefaultContainerService, err := lightsail.NewContainerService(ctx, \"default\", \u0026lightsail.ContainerServiceArgs{\nPrivateRegistryAccess: \u0026lightsail.ContainerServicePrivateRegistryAccessArgs{\nEcrImagePullerRole: \u0026lightsail.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs{\nIsActive: pulumi.Bool(true),\n},\n},\n})\nif err != nil {\nreturn err\n}\n_default := defaultContainerService.PrivateRegistryAccess.ApplyT(func(privateRegistryAccess lightsail.ContainerServicePrivateRegistryAccess) (iam.GetPolicyDocumentResult, error) {\nreturn iam.GetPolicyDocumentResult(interface{}(iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{\nStatements: []iam.GetPolicyDocumentStatement{\n{\nEffect: \"Allow\",\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: interface{}{\nprivateRegistryAccess.EcrImagePullerRole.PrincipalArn,\n},\n},\n},\nActions: []string{\n\"ecr:BatchGetImage\",\n\"ecr:GetDownloadUrlForLayer\",\n},\n},\n},\n}, nil))), nil\n}).(iam.GetPolicyDocumentResultOutput)\n_, err = ecr.NewRepositoryPolicy(ctx, \"default\", \u0026ecr.RepositoryPolicyArgs{\nRepository: pulumi.Any(defaultAwsEcrRepository.Name),\nPolicy: pulumi.String(_default.ApplyT(func(_default iam.GetPolicyDocumentResult) (*string, error) {\nreturn \u0026default.Json, nil\n}).(pulumi.StringPtrOutput)),\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.lightsail.ContainerService;\nimport com.pulumi.aws.lightsail.ContainerServiceArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessArgs;\nimport com.pulumi.aws.lightsail.inputs.ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.ecr.RepositoryPolicy;\nimport com.pulumi.aws.ecr.RepositoryPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var defaultContainerService = new ContainerService(\"defaultContainerService\", ContainerServiceArgs.builder()\n .privateRegistryAccess(ContainerServicePrivateRegistryAccessArgs.builder()\n .ecrImagePullerRole(ContainerServicePrivateRegistryAccessEcrImagePullerRoleArgs.builder()\n .isActive(true)\n .build())\n .build())\n .build());\n\n final var default = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(defaultContainerService.privateRegistryAccess().applyValue(privateRegistryAccess -\u003e privateRegistryAccess.ecrImagePullerRole().principalArn()))\n .build())\n .actions( \n \"ecr:BatchGetImage\",\n \"ecr:GetDownloadUrlForLayer\")\n .build())\n .build());\n\n var defaultRepositoryPolicy = new RepositoryPolicy(\"defaultRepositoryPolicy\", RepositoryPolicyArgs.builder()\n .repository(defaultAwsEcrRepository.name())\n .policy(default_.applyValue(default_ -\u003e default_.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n defaultContainerService:\n type: aws:lightsail:ContainerService\n name: default\n properties:\n privateRegistryAccess:\n ecrImagePullerRole:\n isActive: true\n defaultRepositoryPolicy:\n type: aws:ecr:RepositoryPolicy\n name: default\n properties:\n repository: ${defaultAwsEcrRepository.name}\n policy: ${default.json}\nvariables:\n default:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - effect: Allow\n principals:\n - type: AWS\n identifiers:\n - ${defaultContainerService.privateRegistryAccess.ecrImagePullerRole.principalArn}\n actions:\n - ecr:BatchGetImage\n - ecr:GetDownloadUrlForLayer\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Lightsail Container Service using the `name`. For example:\n\n```sh\n$ pulumi import aws:lightsail/containerService:ContainerService my_container_service container-service-1\n```\n", "properties": { "arn": { "type": "string", @@ -335588,7 +335588,7 @@ } }, "aws:rds/instance:Instance": { - "description": "Provides an RDS instance resource. A DB instance is an isolated database\nenvironment in the cloud. A DB instance can contain multiple user-created\ndatabases.\n\nChanges to a DB instance can occur when you manually change a parameter, such as\n`allocated_storage`, and are reflected in the next maintenance window. Because\nof this, this provider may report a difference in its planning phase because a\nmodification has not yet taken place. You can use the `apply_immediately` flag\nto instruct the service to apply the change immediately (see documentation\nbelow).\n\nWhen upgrading the major version of an engine, `allow_major_version_upgrade` must be set to `true`.\n\n\u003e **Note:** using `apply_immediately` can result in a brief downtime as the server reboots.\nSee the AWS Docs on [RDS Instance Maintenance][instance-maintenance] for more information.\n\n\u003e **Note:** All arguments including the username and password will be stored in the raw state as plain-text.\nRead more about sensitive data instate.\n\n\n\n## RDS Instance Class Types\n\nAmazon RDS supports instance classes for the following use cases: General-purpose, Memory-optimized, Burstable Performance, and Optimized-reads.\nFor more information please read the AWS RDS documentation about [DB Instance Class Types](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html)\n\n## Low-Downtime Updates\n\nBy default, RDS applies updates to DB Instances in-place, which can lead to service interruptions.\nLow-downtime updates minimize service interruptions by performing the updates with an [RDS Blue/Green deployment][blue-green] and switching over the instances when complete.\n\nLow-downtime updates are only available for DB Instances using MySQL, MariaDB and PostgreSQL,\nas other engines are not supported by RDS Blue/Green deployments.\nThey cannot be used with DB Instances with replicas.\n\nBackups must be enabled to use low-downtime updates.\n\nEnable low-downtime updates by setting `blue_green_update.enabled` to `true`.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"8.0\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n username: \"foo\",\n password: \"foobarbaz\",\n parameterGroupName: \"default.mysql8.0\",\n skipFinalSnapshot: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"8.0\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n username=\"foo\",\n password=\"foobarbaz\",\n parameter_group_name=\"default.mysql8.0\",\n skip_final_snapshot=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"8.0\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n Username = \"foo\",\n Password = \"foobarbaz\",\n ParameterGroupName = \"default.mysql8.0\",\n SkipFinalSnapshot = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"8.0\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"foobarbaz\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql8.0\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"8.0\")\n .instanceClass(\"db.t3.micro\")\n .username(\"foo\")\n .password(\"foobarbaz\")\n .parameterGroupName(\"default.mysql8.0\")\n .skipFinalSnapshot(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '8.0'\n instanceClass: db.t3.micro\n username: foo\n password: foobarbaz\n parameterGroupName: default.mysql8.0\n skipFinalSnapshot: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for Oracle Usage with Replica\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the available instance classes for the custom engine for the region being operated in\nconst custom-oracle = aws.rds.getOrderableDbInstance({\n engine: \"custom-oracle-ee\",\n engineVersion: \"19.c.ee.002\",\n licenseModel: \"bring-your-own-license\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ],\n});\n// The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\nconst byId = aws.kms.getKey({\n keyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n});\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 50,\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomInstanceProfile\",\n backupRetentionPeriod: 7,\n dbSubnetGroupName: dbSubnetGroupName,\n engine: custom_oracle.then(custom_oracle =\u003e custom_oracle.engine),\n engineVersion: custom_oracle.then(custom_oracle =\u003e custom_oracle.engineVersion),\n identifier: \"ee-instance-demo\",\n instanceClass: custom_oracle.then(custom_oracle =\u003e custom_oracle.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n licenseModel: custom_oracle.then(custom_oracle =\u003e custom_oracle.licenseModel),\n multiAz: false,\n password: \"avoid-plaintext-passwords\",\n username: \"test\",\n storageEncrypted: true,\n});\nconst test_replica = new aws.rds.Instance(\"test-replica\", {\n replicateSourceDb: _default.identifier,\n replicaMode: \"mounted\",\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomInstanceProfile\",\n backupRetentionPeriod: 7,\n identifier: \"ee-instance-replica\",\n instanceClass: custom_oracle.then(custom_oracle =\u003e custom_oracle.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n multiAz: false,\n skipFinalSnapshot: true,\n storageEncrypted: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the available instance classes for the custom engine for the region being operated in\ncustom_oracle = aws.rds.get_orderable_db_instance(engine=\"custom-oracle-ee\",\n engine_version=\"19.c.ee.002\",\n license_model=\"bring-your-own-license\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ])\n# The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\nby_id = aws.kms.get_key(key_id=\"example-ef278353ceba4a5a97de6784565b9f78\")\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=50,\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomInstanceProfile\",\n backup_retention_period=7,\n db_subnet_group_name=db_subnet_group_name,\n engine=custom_oracle.engine,\n engine_version=custom_oracle.engine_version,\n identifier=\"ee-instance-demo\",\n instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n kms_key_id=by_id.arn,\n license_model=custom_oracle.license_model,\n multi_az=False,\n password=\"avoid-plaintext-passwords\",\n username=\"test\",\n storage_encrypted=True)\ntest_replica = aws.rds.Instance(\"test-replica\",\n replicate_source_db=default.identifier,\n replica_mode=\"mounted\",\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomInstanceProfile\",\n backup_retention_period=7,\n identifier=\"ee-instance-replica\",\n instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n kms_key_id=by_id.arn,\n multi_az=False,\n skip_final_snapshot=True,\n storage_encrypted=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the available instance classes for the custom engine for the region being operated in\n var custom_oracle = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = \"custom-oracle-ee\",\n EngineVersion = \"19.c.ee.002\",\n LicenseModel = \"bring-your-own-license\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n },\n });\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n var byId = Aws.Kms.GetKey.Invoke(new()\n {\n KeyId = \"example-ef278353ceba4a5a97de6784565b9f78\",\n });\n\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 50,\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomInstanceProfile\",\n BackupRetentionPeriod = 7,\n DbSubnetGroupName = dbSubnetGroupName,\n Engine = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine)),\n EngineVersion = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion)),\n Identifier = \"ee-instance-demo\",\n InstanceClass = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n LicenseModel = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.LicenseModel)),\n MultiAz = false,\n Password = \"avoid-plaintext-passwords\",\n Username = \"test\",\n StorageEncrypted = true,\n });\n\n var test_replica = new Aws.Rds.Instance(\"test-replica\", new()\n {\n ReplicateSourceDb = @default.Identifier,\n ReplicaMode = \"mounted\",\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomInstanceProfile\",\n BackupRetentionPeriod = 7,\n Identifier = \"ee-instance-replica\",\n InstanceClass = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n MultiAz = false,\n SkipFinalSnapshot = true,\n StorageEncrypted = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the available instance classes for the custom engine for the region being operated in\n\t\tcustom_oracle, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: \"custom-oracle-ee\",\n\t\t\tEngineVersion: pulumi.StringRef(\"19.c.ee.002\"),\n\t\t\tLicenseModel: pulumi.StringRef(\"bring-your-own-license\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r5.xlarge\",\n\t\t\t\t\"db.r5.2xlarge\",\n\t\t\t\t\"db.r5.4xlarge\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n\t\tbyId, err := kms.LookupKey(ctx, \u0026kms.LookupKeyArgs{\n\t\t\tKeyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbSubnetGroupName: pulumi.Any(dbSubnetGroupName),\n\t\t\tEngine: pulumi.String(custom_oracle.Engine),\n\t\t\tEngineVersion: pulumi.String(custom_oracle.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"ee-instance-demo\"),\n\t\t\tInstanceClass: custom_oracle.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: pulumi.String(byId.Arn),\n\t\t\tLicenseModel: pulumi.String(custom_oracle.LicenseModel),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"test-replica\", \u0026rds.InstanceArgs{\n\t\t\tReplicateSourceDb: _default.Identifier,\n\t\t\tReplicaMode: pulumi.String(\"mounted\"),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tIdentifier: pulumi.String(\"ee-instance-replica\"),\n\t\t\tInstanceClass: custom_oracle.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: pulumi.String(byId.Arn),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Lookup the available instance classes for the custom engine for the region being operated in\n final var custom-oracle = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-oracle-ee\")\n .engineVersion(\"19.c.ee.002\")\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .allocatedStorage(50)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(dbSubnetGroupName)\n .engine(custom_oracle.engine())\n .engineVersion(custom_oracle.engineVersion())\n .identifier(\"ee-instance-demo\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .licenseModel(custom_oracle.licenseModel())\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .storageEncrypted(true)\n .build());\n\n var test_replica = new Instance(\"test-replica\", InstanceArgs.builder()\n .replicateSourceDb(default_.identifier())\n .replicaMode(\"mounted\")\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .identifier(\"ee-instance-replica\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .skipFinalSnapshot(true)\n .storageEncrypted(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n autoMinorVersionUpgrade: false # Custom for Oracle does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${dbSubnetGroupName}\n engine: ${[\"custom-oracle\"].engine}\n engineVersion: ${[\"custom-oracle\"].engineVersion}\n identifier: ee-instance-demo\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n licenseModel: ${[\"custom-oracle\"].licenseModel}\n multiAz: false # Custom for Oracle does not support multi-az\n password: avoid-plaintext-passwords\n username: test\n storageEncrypted: true\n test-replica:\n type: aws:rds:Instance\n properties:\n replicateSourceDb: ${default.identifier}\n replicaMode: mounted\n autoMinorVersionUpgrade: false\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n backupRetentionPeriod: 7\n identifier: ee-instance-replica\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false # Custom for Oracle does not support multi-az\n skipFinalSnapshot: true\n storageEncrypted: true\nvariables:\n # Lookup the available instance classes for the custom engine for the region being operated in\n custom-oracle:\n fn::invoke:\n function: aws:rds:getOrderableDbInstance\n arguments:\n engine: custom-oracle-ee\n engineVersion: 19.c.ee.002\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n # The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n byId:\n fn::invoke:\n function: aws:kms:getKey\n arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for SQL Server\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the available instance classes for the custom engine for the region being operated in\nconst custom-sqlserver = aws.rds.getOrderableDbInstance({\n engine: \"custom-sqlserver-se\",\n engineVersion: \"15.00.4249.2.v1\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ],\n});\n// The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\nconst byId = aws.kms.getKey({\n keyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n});\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 500,\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomSQLServerInstanceProfile\",\n backupRetentionPeriod: 7,\n dbSubnetGroupName: dbSubnetGroupName,\n engine: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.engine),\n engineVersion: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.engineVersion),\n identifier: \"sql-instance-demo\",\n instanceClass: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n multiAz: false,\n password: \"avoid-plaintext-passwords\",\n storageEncrypted: true,\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the available instance classes for the custom engine for the region being operated in\ncustom_sqlserver = aws.rds.get_orderable_db_instance(engine=\"custom-sqlserver-se\",\n engine_version=\"15.00.4249.2.v1\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ])\n# The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\nby_id = aws.kms.get_key(key_id=\"example-ef278353ceba4a5a97de6784565b9f78\")\nexample = aws.rds.Instance(\"example\",\n allocated_storage=500,\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomSQLServerInstanceProfile\",\n backup_retention_period=7,\n db_subnet_group_name=db_subnet_group_name,\n engine=custom_sqlserver.engine,\n engine_version=custom_sqlserver.engine_version,\n identifier=\"sql-instance-demo\",\n instance_class=custom_sqlserver.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n kms_key_id=by_id.arn,\n multi_az=False,\n password=\"avoid-plaintext-passwords\",\n storage_encrypted=True,\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the available instance classes for the custom engine for the region being operated in\n var custom_sqlserver = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = \"custom-sqlserver-se\",\n EngineVersion = \"15.00.4249.2.v1\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n },\n });\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n var byId = Aws.Kms.GetKey.Invoke(new()\n {\n KeyId = \"example-ef278353ceba4a5a97de6784565b9f78\",\n });\n\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 500,\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomSQLServerInstanceProfile\",\n BackupRetentionPeriod = 7,\n DbSubnetGroupName = dbSubnetGroupName,\n Engine = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine)),\n EngineVersion = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion)),\n Identifier = \"sql-instance-demo\",\n InstanceClass = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n MultiAz = false,\n Password = \"avoid-plaintext-passwords\",\n StorageEncrypted = true,\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the available instance classes for the custom engine for the region being operated in\n\t\tcustom_sqlserver, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: \"custom-sqlserver-se\",\n\t\t\tEngineVersion: pulumi.StringRef(\"15.00.4249.2.v1\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r5.xlarge\",\n\t\t\t\t\"db.r5.2xlarge\",\n\t\t\t\t\"db.r5.4xlarge\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n\t\tbyId, err := kms.LookupKey(ctx, \u0026kms.LookupKeyArgs{\n\t\t\tKeyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(500),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomSQLServerInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbSubnetGroupName: pulumi.Any(dbSubnetGroupName),\n\t\t\tEngine: pulumi.String(custom_sqlserver.Engine),\n\t\t\tEngineVersion: pulumi.String(custom_sqlserver.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"sql-instance-demo\"),\n\t\t\tInstanceClass: custom_sqlserver.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: pulumi.String(byId.Arn),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Lookup the available instance classes for the custom engine for the region being operated in\n final var custom-sqlserver = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.v1\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var example = new Instance(\"example\", InstanceArgs.builder()\n .allocatedStorage(500)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomSQLServerInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(dbSubnetGroupName)\n .engine(custom_sqlserver.engine())\n .engineVersion(custom_sqlserver.engineVersion())\n .identifier(\"sql-instance-demo\")\n .instanceClass(custom_sqlserver.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .storageEncrypted(true)\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 500\n autoMinorVersionUpgrade: false # Custom for SQL Server does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomSQLServerInstanceProfile\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${dbSubnetGroupName}\n engine: ${[\"custom-sqlserver\"].engine}\n engineVersion: ${[\"custom-sqlserver\"].engineVersion}\n identifier: sql-instance-demo\n instanceClass: ${[\"custom-sqlserver\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false # Custom for SQL Server does support multi-az\n password: avoid-plaintext-passwords\n storageEncrypted: true\n username: test\nvariables:\n # Lookup the available instance classes for the custom engine for the region being operated in\n custom-sqlserver:\n fn::invoke:\n function: aws:rds:getOrderableDbInstance\n arguments:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.v1\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n # The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n byId:\n fn::invoke:\n function: aws:kms:getKey\n arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Db2 Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\nconst default = aws.rds.getEngineVersion({\n engine: \"db2-se\",\n});\n// Lookup the available instance classes for the engine in the region being operated in\nconst example = Promise.all([_default, _default]).then(([_default, _default1]) =\u003e aws.rds.getOrderableDbInstance({\n engine: _default.engine,\n engineVersion: _default1.version,\n licenseModel: \"bring-your-own-license\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ],\n}));\n// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nconst exampleParameterGroup = new aws.rds.ParameterGroup(\"example\", {\n name: \"db-db2-params\",\n family: _default.then(_default =\u003e _default.parameterGroupFamily),\n parameters: [\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_customer_id\",\n value: \"0\",\n },\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_site_id\",\n value: \"0\",\n },\n ],\n});\n// Create the RDS Db2 instance, use the data sources defined to set attributes\nconst exampleInstance = new aws.rds.Instance(\"example\", {\n allocatedStorage: 100,\n backupRetentionPeriod: 7,\n dbName: \"test\",\n engine: example.then(example =\u003e example.engine),\n engineVersion: example.then(example =\u003e example.engineVersion),\n identifier: \"db2-instance-demo\",\n instanceClass: example.then(example =\u003e example.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n parameterGroupName: exampleParameterGroup.name,\n password: \"avoid-plaintext-passwords\",\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\ndefault = aws.rds.get_engine_version(engine=\"db2-se\")\n# Lookup the available instance classes for the engine in the region being operated in\nexample = aws.rds.get_orderable_db_instance(engine=default.engine,\n engine_version=default.version,\n license_model=\"bring-your-own-license\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ])\n# The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nexample_parameter_group = aws.rds.ParameterGroup(\"example\",\n name=\"db-db2-params\",\n family=default.parameter_group_family,\n parameters=[\n {\n \"apply_method\": \"immediate\",\n \"name\": \"rds.ibm_customer_id\",\n \"value\": \"0\",\n },\n {\n \"apply_method\": \"immediate\",\n \"name\": \"rds.ibm_site_id\",\n \"value\": \"0\",\n },\n ])\n# Create the RDS Db2 instance, use the data sources defined to set attributes\nexample_instance = aws.rds.Instance(\"example\",\n allocated_storage=100,\n backup_retention_period=7,\n db_name=\"test\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"db2-instance-demo\",\n instance_class=example.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n parameter_group_name=example_parameter_group.name,\n password=\"avoid-plaintext-passwords\",\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n var @default = Aws.Rds.GetEngineVersion.Invoke(new()\n {\n Engine = \"db2-se\",\n });\n\n // Lookup the available instance classes for the engine in the region being operated in\n var example = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Engine),\n EngineVersion = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Version),\n LicenseModel = \"bring-your-own-license\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n },\n });\n\n // The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n var exampleParameterGroup = new Aws.Rds.ParameterGroup(\"example\", new()\n {\n Name = \"db-db2-params\",\n Family = @default.Apply(@default =\u003e @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.ParameterGroupFamily)),\n Parameters = new[]\n {\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_customer_id\",\n Value = \"0\",\n },\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_site_id\",\n Value = \"0\",\n },\n },\n });\n\n // Create the RDS Db2 instance, use the data sources defined to set attributes\n var exampleInstance = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 100,\n BackupRetentionPeriod = 7,\n DbName = \"test\",\n Engine = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine),\n EngineVersion = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion),\n Identifier = \"db2-instance-demo\",\n InstanceClass = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n ParameterGroupName = exampleParameterGroup.Name,\n Password = \"avoid-plaintext-passwords\",\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n\t\t_default, err := rds.GetEngineVersion(ctx, \u0026rds.GetEngineVersionArgs{\n\t\t\tEngine: \"db2-se\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Lookup the available instance classes for the engine in the region being operated in\n\t\texample, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: pulumi.StringRef(_default.Version),\n\t\t\tLicenseModel: pulumi.StringRef(\"bring-your-own-license\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.t3.small\",\n\t\t\t\t\"db.r6i.large\",\n\t\t\t\t\"db.m6i.large\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n\t\texampleParameterGroup, err := rds.NewParameterGroup(ctx, \"example\", \u0026rds.ParameterGroupArgs{\n\t\t\tName: pulumi.String(\"db-db2-params\"),\n\t\t\tFamily: pulumi.String(_default.ParameterGroupFamily),\n\t\t\tParameters: rds.ParameterGroupParameterArray{\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_customer_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_site_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the RDS Db2 instance, use the data sources defined to set attributes\n\t\t_, err = rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(100),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbName: pulumi.String(\"test\"),\n\t\t\tEngine: pulumi.String(example.Engine),\n\t\t\tEngineVersion: pulumi.String(example.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"db2-instance-demo\"),\n\t\t\tInstanceClass: example.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tParameterGroupName: exampleParameterGroup.Name,\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetEngineVersionArgs;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.rds.ParameterGroup;\nimport com.pulumi.aws.rds.ParameterGroupArgs;\nimport com.pulumi.aws.rds.inputs.ParameterGroupParameterArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n final var default = RdsFunctions.getEngineVersion(GetEngineVersionArgs.builder()\n .engine(\"db2-se\")\n .build());\n\n // Lookup the available instance classes for the engine in the region being operated in\n final var example = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(default_.engine())\n .engineVersion(default_.version())\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\")\n .build());\n\n // The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n var exampleParameterGroup = new ParameterGroup(\"exampleParameterGroup\", ParameterGroupArgs.builder()\n .name(\"db-db2-params\")\n .family(default_.parameterGroupFamily())\n .parameters( \n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_customer_id\")\n .value(0)\n .build(),\n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_site_id\")\n .value(0)\n .build())\n .build());\n\n // Create the RDS Db2 instance, use the data sources defined to set attributes\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder()\n .allocatedStorage(100)\n .backupRetentionPeriod(7)\n .dbName(\"test\")\n .engine(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engine()))\n .engineVersion(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engineVersion()))\n .identifier(\"db2-instance-demo\")\n .instanceClass(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.instanceClass()))\n .parameterGroupName(exampleParameterGroup.name())\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n exampleParameterGroup:\n type: aws:rds:ParameterGroup\n name: example\n properties:\n name: db-db2-params\n family: ${default.parameterGroupFamily}\n parameters:\n - applyMethod: immediate\n name: rds.ibm_customer_id\n value: 0\n - applyMethod: immediate\n name: rds.ibm_site_id\n value: 0\n # Create the RDS Db2 instance, use the data sources defined to set attributes\n exampleInstance:\n type: aws:rds:Instance\n name: example\n properties:\n allocatedStorage: 100\n backupRetentionPeriod: 7\n dbName: test\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: db2-instance-demo\n instanceClass: ${example.instanceClass}\n parameterGroupName: ${exampleParameterGroup.name}\n password: avoid-plaintext-passwords\n username: test\nvariables:\n # Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n default:\n fn::invoke:\n function: aws:rds:getEngineVersion\n arguments:\n engine: db2-se\n # Lookup the available instance classes for the engine in the region being operated in\n example:\n fn::invoke:\n function: aws:rds:getOrderableDbInstance\n arguments:\n engine: ${default.engine}\n engineVersion: ${default.version}\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.t3.small\n - db.r6i.large\n - db.m6i.large\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Storage Autoscaling\n\nTo enable Storage Autoscaling with instances that support the feature, define the `max_allocated_storage` argument higher than the `allocated_storage` argument. This provider will automatically hide differences with the `allocated_storage` argument value if autoscaling occurs.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 50,\n maxAllocatedStorage: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Instance(\"example\",\n allocated_storage=50,\n max_allocated_storage=100)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 50,\n MaxAllocatedStorage = 100,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tMaxAllocatedStorage: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Instance(\"example\", InstanceArgs.builder()\n .allocatedStorage(50)\n .maxAllocatedStorage(100)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n maxAllocatedStorage: 100\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Managed Master Passwords via Secrets Manager, default KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `manage_master_user_password` attribute to enable managing the master password with Secrets Manager. You can also update an existing cluster to use Secrets Manager by specify the `manage_master_user_password` attribute and removing the `password` attribute (removal is required).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"8.0\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n manageMasterUserPassword: true,\n username: \"foo\",\n parameterGroupName: \"default.mysql8.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"8.0\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n manage_master_user_password=True,\n username=\"foo\",\n parameter_group_name=\"default.mysql8.0\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"8.0\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n ManageMasterUserPassword = true,\n Username = \"foo\",\n ParameterGroupName = \"default.mysql8.0\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"8.0\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql8.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"8.0\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .username(\"foo\")\n .parameterGroupName(\"default.mysql8.0\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '8.0'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n username: foo\n parameterGroupName: default.mysql8.0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Managed Master Passwords via Secrets Manager, specific KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `master_user_secret_kms_key_id` attribute to specify a specific KMS Key.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kms.Key(\"example\", {description: \"Example KMS Key\"});\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"8.0\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n manageMasterUserPassword: true,\n masterUserSecretKmsKeyId: example.keyId,\n username: \"foo\",\n parameterGroupName: \"default.mysql8.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kms.Key(\"example\", description=\"Example KMS Key\")\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"8.0\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n manage_master_user_password=True,\n master_user_secret_kms_key_id=example.key_id,\n username=\"foo\",\n parameter_group_name=\"default.mysql8.0\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"Example KMS Key\",\n });\n\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"8.0\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n ManageMasterUserPassword = true,\n MasterUserSecretKmsKeyId = example.KeyId,\n Username = \"foo\",\n ParameterGroupName = \"default.mysql8.0\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example KMS Key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"8.0\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tMasterUserSecretKmsKeyId: example.KeyId,\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql8.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Key(\"example\", KeyArgs.builder()\n .description(\"Example KMS Key\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"8.0\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .masterUserSecretKmsKeyId(example.keyId())\n .username(\"foo\")\n .parameterGroupName(\"default.mysql8.0\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n description: Example KMS Key\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '8.0'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n masterUserSecretKmsKeyId: ${example.keyId}\n username: foo\n parameterGroupName: default.mysql8.0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DB Instances using the `identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/instance:Instance default mydb-rds-instance\n```\n", + "description": "Provides an RDS instance resource. A DB instance is an isolated database\nenvironment in the cloud. A DB instance can contain multiple user-created\ndatabases.\n\nChanges to a DB instance can occur when you manually change a parameter, such as\n`allocated_storage`, and are reflected in the next maintenance window. Because\nof this, this provider may report a difference in its planning phase because a\nmodification has not yet taken place. You can use the `apply_immediately` flag\nto instruct the service to apply the change immediately (see documentation\nbelow).\n\nWhen upgrading the major version of an engine, `allow_major_version_upgrade` must be set to `true`.\n\n\u003e **Note:** using `apply_immediately` can result in a brief downtime as the server reboots.\nSee the AWS Docs on [RDS Instance Maintenance][instance-maintenance] for more information.\n\n\u003e **Note:** All arguments including the username and password will be stored in the raw state as plain-text.\nRead more about sensitive data instate.\n\n\n\n## RDS Instance Class Types\n\nAmazon RDS supports instance classes for the following use cases: General-purpose, Memory-optimized, Burstable Performance, and Optimized-reads.\nFor more information please read the AWS RDS documentation about [DB Instance Class Types](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html)\n\n## Low-Downtime Updates\n\nBy default, RDS applies updates to DB Instances in-place, which can lead to service interruptions.\nLow-downtime updates minimize service interruptions by performing the updates with an [RDS Blue/Green deployment][blue-green] and switching over the instances when complete.\n\nLow-downtime updates are only available for DB Instances using MySQL, MariaDB and PostgreSQL,\nas other engines are not supported by RDS Blue/Green deployments.\nThey cannot be used with DB Instances with replicas.\n\nBackups must be enabled to use low-downtime updates.\n\nEnable low-downtime updates by setting `blue_green_update.enabled` to `true`.\n\n## Example Usage\n\n### Basic Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"8.0\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n username: \"foo\",\n password: \"foobarbaz\",\n parameterGroupName: \"default.mysql8.0\",\n skipFinalSnapshot: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"8.0\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n username=\"foo\",\n password=\"foobarbaz\",\n parameter_group_name=\"default.mysql8.0\",\n skip_final_snapshot=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"8.0\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n Username = \"foo\",\n Password = \"foobarbaz\",\n ParameterGroupName = \"default.mysql8.0\",\n SkipFinalSnapshot = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"8.0\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"foobarbaz\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql8.0\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"8.0\")\n .instanceClass(\"db.t3.micro\")\n .username(\"foo\")\n .password(\"foobarbaz\")\n .parameterGroupName(\"default.mysql8.0\")\n .skipFinalSnapshot(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '8.0'\n instanceClass: db.t3.micro\n username: foo\n password: foobarbaz\n parameterGroupName: default.mysql8.0\n skipFinalSnapshot: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for Oracle Usage with Replica\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the available instance classes for the custom engine for the region being operated in\nconst custom_oracle = aws.rds.getOrderableDbInstance({\n engine: \"custom-oracle-ee\",\n engineVersion: \"19.c.ee.002\",\n licenseModel: \"bring-your-own-license\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ],\n});\n// The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\nconst byId = aws.kms.getKey({\n keyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n});\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 50,\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomInstanceProfile\",\n backupRetentionPeriod: 7,\n dbSubnetGroupName: dbSubnetGroupName,\n engine: custom_oracle.then(custom_oracle =\u003e custom_oracle.engine),\n engineVersion: custom_oracle.then(custom_oracle =\u003e custom_oracle.engineVersion),\n identifier: \"ee-instance-demo\",\n instanceClass: custom_oracle.then(custom_oracle =\u003e custom_oracle.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n licenseModel: custom_oracle.then(custom_oracle =\u003e custom_oracle.licenseModel),\n multiAz: false,\n password: \"avoid-plaintext-passwords\",\n username: \"test\",\n storageEncrypted: true,\n});\nconst test_replica = new aws.rds.Instance(\"test-replica\", {\n replicateSourceDb: _default.identifier,\n replicaMode: \"mounted\",\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomInstanceProfile\",\n backupRetentionPeriod: 7,\n identifier: \"ee-instance-replica\",\n instanceClass: custom_oracle.then(custom_oracle =\u003e custom_oracle.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n multiAz: false,\n skipFinalSnapshot: true,\n storageEncrypted: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the available instance classes for the custom engine for the region being operated in\ncustom_oracle = aws.rds.get_orderable_db_instance(engine=\"custom-oracle-ee\",\n engine_version=\"19.c.ee.002\",\n license_model=\"bring-your-own-license\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ])\n# The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\nby_id = aws.kms.get_key(key_id=\"example-ef278353ceba4a5a97de6784565b9f78\")\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=50,\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomInstanceProfile\",\n backup_retention_period=7,\n db_subnet_group_name=db_subnet_group_name,\n engine=custom_oracle.engine,\n engine_version=custom_oracle.engine_version,\n identifier=\"ee-instance-demo\",\n instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n kms_key_id=by_id.arn,\n license_model=custom_oracle.license_model,\n multi_az=False,\n password=\"avoid-plaintext-passwords\",\n username=\"test\",\n storage_encrypted=True)\ntest_replica = aws.rds.Instance(\"test-replica\",\n replicate_source_db=default.identifier,\n replica_mode=\"mounted\",\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomInstanceProfile\",\n backup_retention_period=7,\n identifier=\"ee-instance-replica\",\n instance_class=custom_oracle.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n kms_key_id=by_id.arn,\n multi_az=False,\n skip_final_snapshot=True,\n storage_encrypted=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the available instance classes for the custom engine for the region being operated in\n var custom_oracle = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = \"custom-oracle-ee\",\n EngineVersion = \"19.c.ee.002\",\n LicenseModel = \"bring-your-own-license\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n },\n });\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n var byId = Aws.Kms.GetKey.Invoke(new()\n {\n KeyId = \"example-ef278353ceba4a5a97de6784565b9f78\",\n });\n\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 50,\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomInstanceProfile\",\n BackupRetentionPeriod = 7,\n DbSubnetGroupName = dbSubnetGroupName,\n Engine = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine)),\n EngineVersion = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion)),\n Identifier = \"ee-instance-demo\",\n InstanceClass = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n LicenseModel = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.LicenseModel)),\n MultiAz = false,\n Password = \"avoid-plaintext-passwords\",\n Username = \"test\",\n StorageEncrypted = true,\n });\n\n var test_replica = new Aws.Rds.Instance(\"test-replica\", new()\n {\n ReplicateSourceDb = @default.Identifier,\n ReplicaMode = \"mounted\",\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomInstanceProfile\",\n BackupRetentionPeriod = 7,\n Identifier = \"ee-instance-replica\",\n InstanceClass = custom_oracle.Apply(custom_oracle =\u003e custom_oracle.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n MultiAz = false,\n SkipFinalSnapshot = true,\n StorageEncrypted = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the available instance classes for the custom engine for the region being operated in\n\t\tcustom_oracle, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: \"custom-oracle-ee\",\n\t\t\tEngineVersion: pulumi.StringRef(\"19.c.ee.002\"),\n\t\t\tLicenseModel: pulumi.StringRef(\"bring-your-own-license\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r5.xlarge\",\n\t\t\t\t\"db.r5.2xlarge\",\n\t\t\t\t\"db.r5.4xlarge\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n\t\tbyId, err := kms.LookupKey(ctx, \u0026kms.LookupKeyArgs{\n\t\t\tKeyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbSubnetGroupName: pulumi.Any(dbSubnetGroupName),\n\t\t\tEngine: pulumi.String(custom_oracle.Engine),\n\t\t\tEngineVersion: pulumi.String(custom_oracle.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"ee-instance-demo\"),\n\t\t\tInstanceClass: custom_oracle.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: pulumi.String(byId.Arn),\n\t\t\tLicenseModel: pulumi.String(custom_oracle.LicenseModel),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"test-replica\", \u0026rds.InstanceArgs{\n\t\t\tReplicateSourceDb: _default.Identifier,\n\t\t\tReplicaMode: pulumi.String(\"mounted\"),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tIdentifier: pulumi.String(\"ee-instance-replica\"),\n\t\t\tInstanceClass: custom_oracle.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: pulumi.String(byId.Arn),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Lookup the available instance classes for the custom engine for the region being operated in\n final var custom-oracle = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-oracle-ee\")\n .engineVersion(\"19.c.ee.002\")\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .allocatedStorage(50)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(dbSubnetGroupName)\n .engine(custom_oracle.engine())\n .engineVersion(custom_oracle.engineVersion())\n .identifier(\"ee-instance-demo\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .licenseModel(custom_oracle.licenseModel())\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .storageEncrypted(true)\n .build());\n\n var test_replica = new Instance(\"test-replica\", InstanceArgs.builder()\n .replicateSourceDb(default_.identifier())\n .replicaMode(\"mounted\")\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomInstanceProfile\")\n .backupRetentionPeriod(7)\n .identifier(\"ee-instance-replica\")\n .instanceClass(custom_oracle.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .skipFinalSnapshot(true)\n .storageEncrypted(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n autoMinorVersionUpgrade: false # Custom for Oracle does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${dbSubnetGroupName}\n engine: ${[\"custom-oracle\"].engine}\n engineVersion: ${[\"custom-oracle\"].engineVersion}\n identifier: ee-instance-demo\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n licenseModel: ${[\"custom-oracle\"].licenseModel}\n multiAz: false # Custom for Oracle does not support multi-az\n password: avoid-plaintext-passwords\n username: test\n storageEncrypted: true\n test-replica:\n type: aws:rds:Instance\n properties:\n replicateSourceDb: ${default.identifier}\n replicaMode: mounted\n autoMinorVersionUpgrade: false\n customIamInstanceProfile: AWSRDSCustomInstanceProfile\n backupRetentionPeriod: 7\n identifier: ee-instance-replica\n instanceClass: ${[\"custom-oracle\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false # Custom for Oracle does not support multi-az\n skipFinalSnapshot: true\n storageEncrypted: true\nvariables:\n # Lookup the available instance classes for the custom engine for the region being operated in\n custom-oracle:\n fn::invoke:\n function: aws:rds:getOrderableDbInstance\n arguments:\n engine: custom-oracle-ee\n engineVersion: 19.c.ee.002\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n # The RDS instance resource requires an ARN. Look up the ARN of the KMS key associated with the CEV.\n byId:\n fn::invoke:\n function: aws:kms:getKey\n arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Custom for SQL Server\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the available instance classes for the custom engine for the region being operated in\nconst custom_sqlserver = aws.rds.getOrderableDbInstance({\n engine: \"custom-sqlserver-se\",\n engineVersion: \"15.00.4249.2.v1\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ],\n});\n// The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\nconst byId = aws.kms.getKey({\n keyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n});\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 500,\n autoMinorVersionUpgrade: false,\n customIamInstanceProfile: \"AWSRDSCustomSQLServerInstanceProfile\",\n backupRetentionPeriod: 7,\n dbSubnetGroupName: dbSubnetGroupName,\n engine: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.engine),\n engineVersion: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.engineVersion),\n identifier: \"sql-instance-demo\",\n instanceClass: custom_sqlserver.then(custom_sqlserver =\u003e custom_sqlserver.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n kmsKeyId: byId.then(byId =\u003e byId.arn),\n multiAz: false,\n password: \"avoid-plaintext-passwords\",\n storageEncrypted: true,\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the available instance classes for the custom engine for the region being operated in\ncustom_sqlserver = aws.rds.get_orderable_db_instance(engine=\"custom-sqlserver-se\",\n engine_version=\"15.00.4249.2.v1\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n ])\n# The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\nby_id = aws.kms.get_key(key_id=\"example-ef278353ceba4a5a97de6784565b9f78\")\nexample = aws.rds.Instance(\"example\",\n allocated_storage=500,\n auto_minor_version_upgrade=False,\n custom_iam_instance_profile=\"AWSRDSCustomSQLServerInstanceProfile\",\n backup_retention_period=7,\n db_subnet_group_name=db_subnet_group_name,\n engine=custom_sqlserver.engine,\n engine_version=custom_sqlserver.engine_version,\n identifier=\"sql-instance-demo\",\n instance_class=custom_sqlserver.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n kms_key_id=by_id.arn,\n multi_az=False,\n password=\"avoid-plaintext-passwords\",\n storage_encrypted=True,\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the available instance classes for the custom engine for the region being operated in\n var custom_sqlserver = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = \"custom-sqlserver-se\",\n EngineVersion = \"15.00.4249.2.v1\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\",\n },\n });\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n var byId = Aws.Kms.GetKey.Invoke(new()\n {\n KeyId = \"example-ef278353ceba4a5a97de6784565b9f78\",\n });\n\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 500,\n AutoMinorVersionUpgrade = false,\n CustomIamInstanceProfile = \"AWSRDSCustomSQLServerInstanceProfile\",\n BackupRetentionPeriod = 7,\n DbSubnetGroupName = dbSubnetGroupName,\n Engine = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine)),\n EngineVersion = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion)),\n Identifier = \"sql-instance-demo\",\n InstanceClass = custom_sqlserver.Apply(custom_sqlserver =\u003e custom_sqlserver.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass)).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n KmsKeyId = byId.Apply(getKeyResult =\u003e getKeyResult.Arn),\n MultiAz = false,\n Password = \"avoid-plaintext-passwords\",\n StorageEncrypted = true,\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the available instance classes for the custom engine for the region being operated in\n\t\tcustom_sqlserver, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: \"custom-sqlserver-se\",\n\t\t\tEngineVersion: pulumi.StringRef(\"15.00.4249.2.v1\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r5.xlarge\",\n\t\t\t\t\"db.r5.2xlarge\",\n\t\t\t\t\"db.r5.4xlarge\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n\t\tbyId, err := kms.LookupKey(ctx, \u0026kms.LookupKeyArgs{\n\t\t\tKeyId: \"example-ef278353ceba4a5a97de6784565b9f78\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(500),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(false),\n\t\t\tCustomIamInstanceProfile: pulumi.String(\"AWSRDSCustomSQLServerInstanceProfile\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbSubnetGroupName: pulumi.Any(dbSubnetGroupName),\n\t\t\tEngine: pulumi.String(custom_sqlserver.Engine),\n\t\t\tEngineVersion: pulumi.String(custom_sqlserver.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"sql-instance-demo\"),\n\t\t\tInstanceClass: custom_sqlserver.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tKmsKeyId: pulumi.String(byId.Arn),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tStorageEncrypted: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.kms.KmsFunctions;\nimport com.pulumi.aws.kms.inputs.GetKeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Lookup the available instance classes for the custom engine for the region being operated in\n final var custom-sqlserver = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(\"custom-sqlserver-se\")\n .engineVersion(\"15.00.4249.2.v1\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.r5.xlarge\",\n \"db.r5.2xlarge\",\n \"db.r5.4xlarge\")\n .build());\n\n // The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n final var byId = KmsFunctions.getKey(GetKeyArgs.builder()\n .keyId(\"example-ef278353ceba4a5a97de6784565b9f78\")\n .build());\n\n var example = new Instance(\"example\", InstanceArgs.builder()\n .allocatedStorage(500)\n .autoMinorVersionUpgrade(false)\n .customIamInstanceProfile(\"AWSRDSCustomSQLServerInstanceProfile\")\n .backupRetentionPeriod(7)\n .dbSubnetGroupName(dbSubnetGroupName)\n .engine(custom_sqlserver.engine())\n .engineVersion(custom_sqlserver.engineVersion())\n .identifier(\"sql-instance-demo\")\n .instanceClass(custom_sqlserver.instanceClass())\n .kmsKeyId(byId.applyValue(getKeyResult -\u003e getKeyResult.arn()))\n .multiAz(false)\n .password(\"avoid-plaintext-passwords\")\n .storageEncrypted(true)\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 500\n autoMinorVersionUpgrade: false # Custom for SQL Server does not support minor version upgrades\n customIamInstanceProfile: AWSRDSCustomSQLServerInstanceProfile\n backupRetentionPeriod: 7\n dbSubnetGroupName: ${dbSubnetGroupName}\n engine: ${[\"custom-sqlserver\"].engine}\n engineVersion: ${[\"custom-sqlserver\"].engineVersion}\n identifier: sql-instance-demo\n instanceClass: ${[\"custom-sqlserver\"].instanceClass}\n kmsKeyId: ${byId.arn}\n multiAz: false # Custom for SQL Server does support multi-az\n password: avoid-plaintext-passwords\n storageEncrypted: true\n username: test\nvariables:\n # Lookup the available instance classes for the custom engine for the region being operated in\n custom-sqlserver:\n fn::invoke:\n function: aws:rds:getOrderableDbInstance\n arguments:\n engine: custom-sqlserver-se\n engineVersion: 15.00.4249.2.v1\n storageType: gp3\n preferredInstanceClasses:\n - db.r5.xlarge\n - db.r5.2xlarge\n - db.r5.4xlarge\n # The RDS instance resource requires an ARN. Look up the ARN of the KMS key.\n byId:\n fn::invoke:\n function: aws:kms:getKey\n arguments:\n keyId: example-ef278353ceba4a5a97de6784565b9f78\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### RDS Db2 Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\nconst _default = aws.rds.getEngineVersion({\n engine: \"db2-se\",\n});\n// Lookup the available instance classes for the engine in the region being operated in\nconst example = Promise.all([_default, _default]).then(([_default, _default1]) =\u003e aws.rds.getOrderableDbInstance({\n engine: _default.engine,\n engineVersion: _default1.version,\n licenseModel: \"bring-your-own-license\",\n storageType: \"gp3\",\n preferredInstanceClasses: [\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ],\n}));\n// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nconst exampleParameterGroup = new aws.rds.ParameterGroup(\"example\", {\n name: \"db-db2-params\",\n family: _default.then(_default =\u003e _default.parameterGroupFamily),\n parameters: [\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_customer_id\",\n value: \"0\",\n },\n {\n applyMethod: \"immediate\",\n name: \"rds.ibm_site_id\",\n value: \"0\",\n },\n ],\n});\n// Create the RDS Db2 instance, use the data sources defined to set attributes\nconst exampleInstance = new aws.rds.Instance(\"example\", {\n allocatedStorage: 100,\n backupRetentionPeriod: 7,\n dbName: \"test\",\n engine: example.then(example =\u003e example.engine),\n engineVersion: example.then(example =\u003e example.engineVersion),\n identifier: \"db2-instance-demo\",\n instanceClass: example.then(example =\u003e example.instanceClass).apply((x) =\u003e aws.rds.InstanceType[x]),\n parameterGroupName: exampleParameterGroup.name,\n password: \"avoid-plaintext-passwords\",\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\ndefault = aws.rds.get_engine_version(engine=\"db2-se\")\n# Lookup the available instance classes for the engine in the region being operated in\nexample = aws.rds.get_orderable_db_instance(engine=default.engine,\n engine_version=default.version,\n license_model=\"bring-your-own-license\",\n storage_type=\"gp3\",\n preferred_instance_classes=[\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n ])\n# The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\nexample_parameter_group = aws.rds.ParameterGroup(\"example\",\n name=\"db-db2-params\",\n family=default.parameter_group_family,\n parameters=[\n {\n \"apply_method\": \"immediate\",\n \"name\": \"rds.ibm_customer_id\",\n \"value\": \"0\",\n },\n {\n \"apply_method\": \"immediate\",\n \"name\": \"rds.ibm_site_id\",\n \"value\": \"0\",\n },\n ])\n# Create the RDS Db2 instance, use the data sources defined to set attributes\nexample_instance = aws.rds.Instance(\"example\",\n allocated_storage=100,\n backup_retention_period=7,\n db_name=\"test\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"db2-instance-demo\",\n instance_class=example.instance_class.apply(lambda x: aws.rds.InstanceType(x)),\n parameter_group_name=example_parameter_group.name,\n password=\"avoid-plaintext-passwords\",\n username=\"test\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n var @default = Aws.Rds.GetEngineVersion.Invoke(new()\n {\n Engine = \"db2-se\",\n });\n\n // Lookup the available instance classes for the engine in the region being operated in\n var example = Aws.Rds.GetOrderableDbInstance.Invoke(new()\n {\n Engine = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Engine),\n EngineVersion = @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.Version),\n LicenseModel = \"bring-your-own-license\",\n StorageType = \"gp3\",\n PreferredInstanceClasses = new[]\n {\n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\",\n },\n });\n\n // The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n var exampleParameterGroup = new Aws.Rds.ParameterGroup(\"example\", new()\n {\n Name = \"db-db2-params\",\n Family = @default.Apply(@default =\u003e @default.Apply(getEngineVersionResult =\u003e getEngineVersionResult.ParameterGroupFamily)),\n Parameters = new[]\n {\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_customer_id\",\n Value = \"0\",\n },\n new Aws.Rds.Inputs.ParameterGroupParameterArgs\n {\n ApplyMethod = \"immediate\",\n Name = \"rds.ibm_site_id\",\n Value = \"0\",\n },\n },\n });\n\n // Create the RDS Db2 instance, use the data sources defined to set attributes\n var exampleInstance = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 100,\n BackupRetentionPeriod = 7,\n DbName = \"test\",\n Engine = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.Engine),\n EngineVersion = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.EngineVersion),\n Identifier = \"db2-instance-demo\",\n InstanceClass = example.Apply(getOrderableDbInstanceResult =\u003e getOrderableDbInstanceResult.InstanceClass).Apply(System.Enum.Parse\u003cAws.Rds.InstanceType\u003e),\n ParameterGroupName = exampleParameterGroup.Name,\n Password = \"avoid-plaintext-passwords\",\n Username = \"test\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n\t\t_default, err := rds.GetEngineVersion(ctx, \u0026rds.GetEngineVersionArgs{\n\t\t\tEngine: \"db2-se\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Lookup the available instance classes for the engine in the region being operated in\n\t\texample, err := rds.GetOrderableDbInstance(ctx, \u0026rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: pulumi.StringRef(_default.Version),\n\t\t\tLicenseModel: pulumi.StringRef(\"bring-your-own-license\"),\n\t\t\tStorageType: pulumi.StringRef(\"gp3\"),\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.t3.small\",\n\t\t\t\t\"db.r6i.large\",\n\t\t\t\t\"db.m6i.large\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n\t\texampleParameterGroup, err := rds.NewParameterGroup(ctx, \"example\", \u0026rds.ParameterGroupArgs{\n\t\t\tName: pulumi.String(\"db-db2-params\"),\n\t\t\tFamily: pulumi.String(_default.ParameterGroupFamily),\n\t\t\tParameters: rds.ParameterGroupParameterArray{\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_customer_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t\t\u0026rds.ParameterGroupParameterArgs{\n\t\t\t\t\tApplyMethod: pulumi.String(\"immediate\"),\n\t\t\t\t\tName: pulumi.String(\"rds.ibm_site_id\"),\n\t\t\t\t\tValue: pulumi.String(\"0\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Create the RDS Db2 instance, use the data sources defined to set attributes\n\t\t_, err = rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(100),\n\t\t\tBackupRetentionPeriod: pulumi.Int(7),\n\t\t\tDbName: pulumi.String(\"test\"),\n\t\t\tEngine: pulumi.String(example.Engine),\n\t\t\tEngineVersion: pulumi.String(example.EngineVersion),\n\t\t\tIdentifier: pulumi.String(\"db2-instance-demo\"),\n\t\t\tInstanceClass: example.InstanceClass.ApplyT(func(x *string) rds.InstanceType { return rds.InstanceType(*x) }).(rds.InstanceTypeOutput),\n\t\t\tParameterGroupName: exampleParameterGroup.Name,\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.RdsFunctions;\nimport com.pulumi.aws.rds.inputs.GetEngineVersionArgs;\nimport com.pulumi.aws.rds.inputs.GetOrderableDbInstanceArgs;\nimport com.pulumi.aws.rds.ParameterGroup;\nimport com.pulumi.aws.rds.ParameterGroupArgs;\nimport com.pulumi.aws.rds.inputs.ParameterGroupParameterArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n final var default = RdsFunctions.getEngineVersion(GetEngineVersionArgs.builder()\n .engine(\"db2-se\")\n .build());\n\n // Lookup the available instance classes for the engine in the region being operated in\n final var example = RdsFunctions.getOrderableDbInstance(GetOrderableDbInstanceArgs.builder()\n .engine(default_.engine())\n .engineVersion(default_.version())\n .licenseModel(\"bring-your-own-license\")\n .storageType(\"gp3\")\n .preferredInstanceClasses( \n \"db.t3.small\",\n \"db.r6i.large\",\n \"db.m6i.large\")\n .build());\n\n // The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n var exampleParameterGroup = new ParameterGroup(\"exampleParameterGroup\", ParameterGroupArgs.builder()\n .name(\"db-db2-params\")\n .family(default_.parameterGroupFamily())\n .parameters( \n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_customer_id\")\n .value(0)\n .build(),\n ParameterGroupParameterArgs.builder()\n .applyMethod(\"immediate\")\n .name(\"rds.ibm_site_id\")\n .value(0)\n .build())\n .build());\n\n // Create the RDS Db2 instance, use the data sources defined to set attributes\n var exampleInstance = new Instance(\"exampleInstance\", InstanceArgs.builder()\n .allocatedStorage(100)\n .backupRetentionPeriod(7)\n .dbName(\"test\")\n .engine(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engine()))\n .engineVersion(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.engineVersion()))\n .identifier(\"db2-instance-demo\")\n .instanceClass(example.applyValue(getOrderableDbInstanceResult -\u003e getOrderableDbInstanceResult.instanceClass()))\n .parameterGroupName(exampleParameterGroup.name())\n .password(\"avoid-plaintext-passwords\")\n .username(\"test\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # The RDS Db2 instance resource requires licensing information. Create a new parameter group using the default paramater group as a source, and set license information.\n exampleParameterGroup:\n type: aws:rds:ParameterGroup\n name: example\n properties:\n name: db-db2-params\n family: ${default.parameterGroupFamily}\n parameters:\n - applyMethod: immediate\n name: rds.ibm_customer_id\n value: 0\n - applyMethod: immediate\n name: rds.ibm_site_id\n value: 0\n # Create the RDS Db2 instance, use the data sources defined to set attributes\n exampleInstance:\n type: aws:rds:Instance\n name: example\n properties:\n allocatedStorage: 100\n backupRetentionPeriod: 7\n dbName: test\n engine: ${example.engine}\n engineVersion: ${example.engineVersion}\n identifier: db2-instance-demo\n instanceClass: ${example.instanceClass}\n parameterGroupName: ${exampleParameterGroup.name}\n password: avoid-plaintext-passwords\n username: test\nvariables:\n # Lookup the default version for the engine. Db2 Standard Edition is `db2-se`, Db2 Advanced Edition is `db2-ae`.\n default:\n fn::invoke:\n function: aws:rds:getEngineVersion\n arguments:\n engine: db2-se\n # Lookup the available instance classes for the engine in the region being operated in\n example:\n fn::invoke:\n function: aws:rds:getOrderableDbInstance\n arguments:\n engine: ${default.engine}\n engineVersion: ${default.version}\n licenseModel: bring-your-own-license\n storageType: gp3\n preferredInstanceClasses:\n - db.t3.small\n - db.r6i.large\n - db.m6i.large\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Storage Autoscaling\n\nTo enable Storage Autoscaling with instances that support the feature, define the `max_allocated_storage` argument higher than the `allocated_storage` argument. This provider will automatically hide differences with the `allocated_storage` argument value if autoscaling occurs.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 50,\n maxAllocatedStorage: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Instance(\"example\",\n allocated_storage=50,\n max_allocated_storage=100)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Rds.Instance(\"example\", new()\n {\n AllocatedStorage = 50,\n MaxAllocatedStorage = 100,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"example\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tMaxAllocatedStorage: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Instance(\"example\", InstanceArgs.builder()\n .allocatedStorage(50)\n .maxAllocatedStorage(100)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 50\n maxAllocatedStorage: 100\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Managed Master Passwords via Secrets Manager, default KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `manage_master_user_password` attribute to enable managing the master password with Secrets Manager. You can also update an existing cluster to use Secrets Manager by specify the `manage_master_user_password` attribute and removing the `password` attribute (removal is required).\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"8.0\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n manageMasterUserPassword: true,\n username: \"foo\",\n parameterGroupName: \"default.mysql8.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"8.0\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n manage_master_user_password=True,\n username=\"foo\",\n parameter_group_name=\"default.mysql8.0\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"8.0\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n ManageMasterUserPassword = true,\n Username = \"foo\",\n ParameterGroupName = \"default.mysql8.0\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"8.0\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql8.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"8.0\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .username(\"foo\")\n .parameterGroupName(\"default.mysql8.0\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '8.0'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n username: foo\n parameterGroupName: default.mysql8.0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Managed Master Passwords via Secrets Manager, specific KMS Key\n\n\u003e More information about RDS/Aurora Aurora integrates with Secrets Manager to manage master user passwords for your DB clusters can be found in the [RDS User Guide](https://aws.amazon.com/about-aws/whats-new/2022/12/amazon-rds-integration-aws-secrets-manager/) and [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html).\n\nYou can specify the `master_user_secret_kms_key_id` attribute to specify a specific KMS Key.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kms.Key(\"example\", {description: \"Example KMS Key\"});\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n dbName: \"mydb\",\n engine: \"mysql\",\n engineVersion: \"8.0\",\n instanceClass: aws.rds.InstanceType.T3_Micro,\n manageMasterUserPassword: true,\n masterUserSecretKmsKeyId: example.keyId,\n username: \"foo\",\n parameterGroupName: \"default.mysql8.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kms.Key(\"example\", description=\"Example KMS Key\")\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n db_name=\"mydb\",\n engine=\"mysql\",\n engine_version=\"8.0\",\n instance_class=aws.rds.InstanceType.T3_MICRO,\n manage_master_user_password=True,\n master_user_secret_kms_key_id=example.key_id,\n username=\"foo\",\n parameter_group_name=\"default.mysql8.0\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Kms.Key(\"example\", new()\n {\n Description = \"Example KMS Key\",\n });\n\n var @default = new Aws.Rds.Instance(\"default\", new()\n {\n AllocatedStorage = 10,\n DbName = \"mydb\",\n Engine = \"mysql\",\n EngineVersion = \"8.0\",\n InstanceClass = Aws.Rds.InstanceType.T3_Micro,\n ManageMasterUserPassword = true,\n MasterUserSecretKmsKeyId = example.KeyId,\n Username = \"foo\",\n ParameterGroupName = \"default.mysql8.0\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := kms.NewKey(ctx, \"example\", \u0026kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Example KMS Key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"default\", \u0026rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tDbName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"8.0\"),\n\t\t\tInstanceClass: pulumi.String(rds.InstanceType_T3_Micro),\n\t\t\tManageMasterUserPassword: pulumi.Bool(true),\n\t\t\tMasterUserSecretKmsKeyId: example.KeyId,\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql8.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.kms.Key;\nimport com.pulumi.aws.kms.KeyArgs;\nimport com.pulumi.aws.rds.Instance;\nimport com.pulumi.aws.rds.InstanceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Key(\"example\", KeyArgs.builder()\n .description(\"Example KMS Key\")\n .build());\n\n var default_ = new Instance(\"default\", InstanceArgs.builder()\n .allocatedStorage(10)\n .dbName(\"mydb\")\n .engine(\"mysql\")\n .engineVersion(\"8.0\")\n .instanceClass(\"db.t3.micro\")\n .manageMasterUserPassword(true)\n .masterUserSecretKmsKeyId(example.keyId())\n .username(\"foo\")\n .parameterGroupName(\"default.mysql8.0\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:kms:Key\n properties:\n description: Example KMS Key\n default:\n type: aws:rds:Instance\n properties:\n allocatedStorage: 10\n dbName: mydb\n engine: mysql\n engineVersion: '8.0'\n instanceClass: db.t3.micro\n manageMasterUserPassword: true\n masterUserSecretKmsKeyId: ${example.keyId}\n username: foo\n parameterGroupName: default.mysql8.0\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import DB Instances using the `identifier`. For example:\n\n```sh\n$ pulumi import aws:rds/instance:Instance default mydb-rds-instance\n```\n", "properties": { "address": { "type": "string", @@ -345261,7 +345261,7 @@ } }, "aws:route53/queryLog:QueryLog": { - "description": "Provides a Route53 query logging configuration resource.\n\n\u003e **NOTE:** There are restrictions on the configuration of query logging. Notably,\nthe CloudWatch log group must be in the `us-east-1` region,\na permissive CloudWatch log resource policy must be in place, and\nthe Route53 hosted zone must be public.\nSee [Configuring Logging for DNS Queries](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html?console_help=true#query-logs-configuring) for additional details.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example Route53 zone with query logging\nconst exampleCom = new aws.route53.Zone(\"example_com\", {name: \"example.com\"});\nconst awsRoute53ExampleCom = new aws.cloudwatch.LogGroup(\"aws_route53_example_com\", {\n name: pulumi.interpolate`/aws/route53/${exampleCom.name}`,\n retentionInDays: 30,\n});\n// Example CloudWatch log resource policy to allow Route53 to write logs\n// to any log group under /aws/route53/*\nconst route53-query-logging-policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\", {\n policyDocument: route53_query_logging_policy.then(route53_query_logging_policy =\u003e route53_query_logging_policy.json),\n policyName: \"route53-query-logging-policy\",\n});\nconst exampleComQueryLog = new aws.route53.QueryLog(\"example_com\", {\n cloudwatchLogGroupArn: awsRoute53ExampleCom.arn,\n zoneId: exampleCom.zoneId,\n}, {\n dependsOn: [route53_query_logging_policyLogResourcePolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example Route53 zone with query logging\nexample_com = aws.route53.Zone(\"example_com\", name=\"example.com\")\naws_route53_example_com = aws.cloudwatch.LogGroup(\"aws_route53_example_com\",\n name=example_com.name.apply(lambda name: f\"/aws/route53/{name}\"),\n retention_in_days=30)\n# Example CloudWatch log resource policy to allow Route53 to write logs\n# to any log group under /aws/route53/*\nroute53_query_logging_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n \"resources\": [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n \"principals\": [{\n \"identifiers\": [\"route53.amazonaws.com\"],\n \"type\": \"Service\",\n }],\n}])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\",\n policy_document=route53_query_logging_policy.json,\n policy_name=\"route53-query-logging-policy\")\nexample_com_query_log = aws.route53.QueryLog(\"example_com\",\n cloudwatch_log_group_arn=aws_route53_example_com.arn,\n zone_id=example_com.zone_id,\n opts = pulumi.ResourceOptions(depends_on=[route53_query_logging_policy_log_resource_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example Route53 zone with query logging\n var exampleCom = new Aws.Route53.Zone(\"example_com\", new()\n {\n Name = \"example.com\",\n });\n\n var awsRoute53ExampleCom = new Aws.CloudWatch.LogGroup(\"aws_route53_example_com\", new()\n {\n Name = exampleCom.Name.Apply(name =\u003e $\"/aws/route53/{name}\"),\n RetentionInDays = 30,\n });\n\n // Example CloudWatch log resource policy to allow Route53 to write logs\n // to any log group under /aws/route53/*\n var route53_query_logging_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policy\", new()\n {\n PolicyDocument = route53_query_logging_policy.Apply(route53_query_logging_policy =\u003e route53_query_logging_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"route53-query-logging-policy\",\n });\n\n var exampleComQueryLog = new Aws.Route53.QueryLog(\"example_com\", new()\n {\n CloudwatchLogGroupArn = awsRoute53ExampleCom.Arn,\n ZoneId = exampleCom.ZoneId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n route53_query_logging_policyLogResourcePolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example Route53 zone with query logging\n\t\texampleCom, err := route53.NewZone(ctx, \"example_com\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsRoute53ExampleCom, err := cloudwatch.NewLogGroup(ctx, \"aws_route53_example_com\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: exampleCom.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"/aws/route53/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tRetentionInDays: pulumi.Int(30),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example CloudWatch log resource policy to allow Route53 to write logs\n\t\t// to any log group under /aws/route53/*\n\t\troute53_query_logging_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53-query-logging-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(route53_query_logging_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewQueryLog(ctx, \"example_com\", \u0026route53.QueryLogArgs{\n\t\t\tCloudwatchLogGroupArn: awsRoute53ExampleCom.Arn,\n\t\t\tZoneId: exampleCom.ZoneId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\troute53_query_logging_policyLogResourcePolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.route53.QueryLog;\nimport com.pulumi.aws.route53.QueryLogArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Example Route53 zone with query logging\n var exampleCom = new Zone(\"exampleCom\", ZoneArgs.builder()\n .name(\"example.com\")\n .build());\n\n var awsRoute53ExampleCom = new LogGroup(\"awsRoute53ExampleCom\", LogGroupArgs.builder()\n .name(exampleCom.name().applyValue(name -\u003e String.format(\"/aws/route53/%s\", name)))\n .retentionInDays(30)\n .build());\n\n // Example CloudWatch log resource policy to allow Route53 to write logs\n // to any log group under /aws/route53/*\n final var route53-query-logging-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:log-group:/aws/route53/*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"route53.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", LogResourcePolicyArgs.builder()\n .policyDocument(route53_query_logging_policy.json())\n .policyName(\"route53-query-logging-policy\")\n .build());\n\n var exampleComQueryLog = new QueryLog(\"exampleComQueryLog\", QueryLogArgs.builder()\n .cloudwatchLogGroupArn(awsRoute53ExampleCom.arn())\n .zoneId(exampleCom.zoneId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(route53_query_logging_policyLogResourcePolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n awsRoute53ExampleCom:\n type: aws:cloudwatch:LogGroup\n name: aws_route53_example_com\n properties:\n name: /aws/route53/${exampleCom.name}\n retentionInDays: 30\n route53-query-logging-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: route53-query-logging-policy\n properties:\n policyDocument: ${[\"route53-query-logging-policy\"].json}\n policyName: route53-query-logging-policy\n # Example Route53 zone with query logging\n exampleCom:\n type: aws:route53:Zone\n name: example_com\n properties:\n name: example.com\n exampleComQueryLog:\n type: aws:route53:QueryLog\n name: example_com\n properties:\n cloudwatchLogGroupArn: ${awsRoute53ExampleCom.arn}\n zoneId: ${exampleCom.zoneId}\n options:\n dependsOn:\n - ${[\"route53-query-logging-policyLogResourcePolicy\"]}\nvariables:\n # Example CloudWatch log resource policy to allow Route53 to write logs\n # to any log group under /aws/route53/*\n route53-query-logging-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:log-group:/aws/route53/*\n principals:\n - identifiers:\n - route53.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Route53 query logging configurations using their ID. For example:\n\n```sh\n$ pulumi import aws:route53/queryLog:QueryLog example_com xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\n```\n", + "description": "Provides a Route53 query logging configuration resource.\n\n\u003e **NOTE:** There are restrictions on the configuration of query logging. Notably,\nthe CloudWatch log group must be in the `us-east-1` region,\na permissive CloudWatch log resource policy must be in place, and\nthe Route53 hosted zone must be public.\nSee [Configuring Logging for DNS Queries](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html?console_help=true#query-logs-configuring) for additional details.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example Route53 zone with query logging\nconst exampleCom = new aws.route53.Zone(\"example_com\", {name: \"example.com\"});\nconst awsRoute53ExampleCom = new aws.cloudwatch.LogGroup(\"aws_route53_example_com\", {\n name: pulumi.interpolate`/aws/route53/${exampleCom.name}`,\n retentionInDays: 30,\n});\n// Example CloudWatch log resource policy to allow Route53 to write logs\n// to any log group under /aws/route53/*\nconst route53_query_logging_policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\", {\n policyDocument: route53_query_logging_policy.then(route53_query_logging_policy =\u003e route53_query_logging_policy.json),\n policyName: \"route53-query-logging-policy\",\n});\nconst exampleComQueryLog = new aws.route53.QueryLog(\"example_com\", {\n cloudwatchLogGroupArn: awsRoute53ExampleCom.arn,\n zoneId: exampleCom.zoneId,\n}, {\n dependsOn: [route53_query_logging_policyLogResourcePolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example Route53 zone with query logging\nexample_com = aws.route53.Zone(\"example_com\", name=\"example.com\")\naws_route53_example_com = aws.cloudwatch.LogGroup(\"aws_route53_example_com\",\n name=example_com.name.apply(lambda name: f\"/aws/route53/{name}\"),\n retention_in_days=30)\n# Example CloudWatch log resource policy to allow Route53 to write logs\n# to any log group under /aws/route53/*\nroute53_query_logging_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n \"resources\": [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n \"principals\": [{\n \"identifiers\": [\"route53.amazonaws.com\"],\n \"type\": \"Service\",\n }],\n}])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policy\",\n policy_document=route53_query_logging_policy.json,\n policy_name=\"route53-query-logging-policy\")\nexample_com_query_log = aws.route53.QueryLog(\"example_com\",\n cloudwatch_log_group_arn=aws_route53_example_com.arn,\n zone_id=example_com.zone_id,\n opts = pulumi.ResourceOptions(depends_on=[route53_query_logging_policy_log_resource_policy]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n // Example Route53 zone with query logging\n var exampleCom = new Aws.Route53.Zone(\"example_com\", new()\n {\n Name = \"example.com\",\n });\n\n var awsRoute53ExampleCom = new Aws.CloudWatch.LogGroup(\"aws_route53_example_com\", new()\n {\n Name = exampleCom.Name.Apply(name =\u003e $\"/aws/route53/{name}\"),\n RetentionInDays = 30,\n });\n\n // Example CloudWatch log resource policy to allow Route53 to write logs\n // to any log group under /aws/route53/*\n var route53_query_logging_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = new[]\n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Identifiers = new[]\n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policy\", new()\n {\n PolicyDocument = route53_query_logging_policy.Apply(route53_query_logging_policy =\u003e route53_query_logging_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n PolicyName = \"route53-query-logging-policy\",\n });\n\n var exampleComQueryLog = new Aws.Route53.QueryLog(\"example_com\", new()\n {\n CloudwatchLogGroupArn = awsRoute53ExampleCom.Arn,\n ZoneId = exampleCom.ZoneId,\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n route53_query_logging_policyLogResourcePolicy,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t// Example Route53 zone with query logging\n\t\texampleCom, err := route53.NewZone(ctx, \"example_com\", \u0026route53.ZoneArgs{\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsRoute53ExampleCom, err := cloudwatch.NewLogGroup(ctx, \"aws_route53_example_com\", \u0026cloudwatch.LogGroupArgs{\n\t\t\tName: exampleCom.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"/aws/route53/%v\", name), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tRetentionInDays: pulumi.Int(30),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Example CloudWatch log resource policy to allow Route53 to write logs\n\t\t// to any log group under /aws/route53/*\n\t\troute53_query_logging_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53-query-logging-policy\", \u0026cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(route53_query_logging_policy.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewQueryLog(ctx, \"example_com\", \u0026route53.QueryLogArgs{\n\t\t\tCloudwatchLogGroupArn: awsRoute53ExampleCom.Arn,\n\t\t\tZoneId: exampleCom.ZoneId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\troute53_query_logging_policyLogResourcePolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.route53.Zone;\nimport com.pulumi.aws.route53.ZoneArgs;\nimport com.pulumi.aws.cloudwatch.LogGroup;\nimport com.pulumi.aws.cloudwatch.LogGroupArgs;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicy;\nimport com.pulumi.aws.cloudwatch.LogResourcePolicyArgs;\nimport com.pulumi.aws.route53.QueryLog;\nimport com.pulumi.aws.route53.QueryLogArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n // Example Route53 zone with query logging\n var exampleCom = new Zone(\"exampleCom\", ZoneArgs.builder()\n .name(\"example.com\")\n .build());\n\n var awsRoute53ExampleCom = new LogGroup(\"awsRoute53ExampleCom\", LogGroupArgs.builder()\n .name(exampleCom.name().applyValue(name -\u003e String.format(\"/aws/route53/%s\", name)))\n .retentionInDays(30)\n .build());\n\n // Example CloudWatch log resource policy to allow Route53 to write logs\n // to any log group under /aws/route53/*\n final var route53-query-logging-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\")\n .resources(\"arn:aws:logs:*:*:log-group:/aws/route53/*\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .identifiers(\"route53.amazonaws.com\")\n .type(\"Service\")\n .build())\n .build())\n .build());\n\n var route53_query_logging_policyLogResourcePolicy = new LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", LogResourcePolicyArgs.builder()\n .policyDocument(route53_query_logging_policy.json())\n .policyName(\"route53-query-logging-policy\")\n .build());\n\n var exampleComQueryLog = new QueryLog(\"exampleComQueryLog\", QueryLogArgs.builder()\n .cloudwatchLogGroupArn(awsRoute53ExampleCom.arn())\n .zoneId(exampleCom.zoneId())\n .build(), CustomResourceOptions.builder()\n .dependsOn(route53_query_logging_policyLogResourcePolicy)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n awsRoute53ExampleCom:\n type: aws:cloudwatch:LogGroup\n name: aws_route53_example_com\n properties:\n name: /aws/route53/${exampleCom.name}\n retentionInDays: 30\n route53-query-logging-policyLogResourcePolicy:\n type: aws:cloudwatch:LogResourcePolicy\n name: route53-query-logging-policy\n properties:\n policyDocument: ${[\"route53-query-logging-policy\"].json}\n policyName: route53-query-logging-policy\n # Example Route53 zone with query logging\n exampleCom:\n type: aws:route53:Zone\n name: example_com\n properties:\n name: example.com\n exampleComQueryLog:\n type: aws:route53:QueryLog\n name: example_com\n properties:\n cloudwatchLogGroupArn: ${awsRoute53ExampleCom.arn}\n zoneId: ${exampleCom.zoneId}\n options:\n dependsOn:\n - ${[\"route53-query-logging-policyLogResourcePolicy\"]}\nvariables:\n # Example CloudWatch log resource policy to allow Route53 to write logs\n # to any log group under /aws/route53/*\n route53-query-logging-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n statements:\n - actions:\n - logs:CreateLogStream\n - logs:PutLogEvents\n resources:\n - arn:aws:logs:*:*:log-group:/aws/route53/*\n principals:\n - identifiers:\n - route53.amazonaws.com\n type: Service\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import Route53 query logging configurations using their ID. For example:\n\n```sh\n$ pulumi import aws:route53/queryLog:QueryLog example_com xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\n```\n", "properties": { "arn": { "type": "string", @@ -365647,7 +365647,7 @@ } }, "aws:sesv2/configurationSetEventDestination:ConfigurationSetEventDestination": { - "description": "Resource for managing an AWS SESv2 (Simple Email V2) Configuration Set Event Destination.\n\n## Example Usage\n\n### CloudWatch Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sesv2.ConfigurationSet(\"example\", {configurationSetName: \"example\"});\nconst exampleConfigurationSetEventDestination = new aws.sesv2.ConfigurationSetEventDestination(\"example\", {\n configurationSetName: example.configurationSetName,\n eventDestinationName: \"example\",\n eventDestination: {\n cloudWatchDestination: {\n dimensionConfigurations: [{\n defaultDimensionValue: \"example\",\n dimensionName: \"example\",\n dimensionValueSource: \"MESSAGE_TAG\",\n }],\n },\n enabled: true,\n matchingEventTypes: [\"SEND\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sesv2.ConfigurationSet(\"example\", configuration_set_name=\"example\")\nexample_configuration_set_event_destination = aws.sesv2.ConfigurationSetEventDestination(\"example\",\n configuration_set_name=example.configuration_set_name,\n event_destination_name=\"example\",\n event_destination={\n \"cloud_watch_destination\": {\n \"dimension_configurations\": [{\n \"default_dimension_value\": \"example\",\n \"dimension_name\": \"example\",\n \"dimension_value_source\": \"MESSAGE_TAG\",\n }],\n },\n \"enabled\": True,\n \"matching_event_types\": [\"SEND\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.SesV2.ConfigurationSet(\"example\", new()\n {\n ConfigurationSetName = \"example\",\n });\n\n var exampleConfigurationSetEventDestination = new Aws.SesV2.ConfigurationSetEventDestination(\"example\", new()\n {\n ConfigurationSetName = example.ConfigurationSetName,\n EventDestinationName = \"example\",\n EventDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationArgs\n {\n CloudWatchDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationArgs\n {\n DimensionConfigurations = new[]\n {\n new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationDimensionConfigurationArgs\n {\n DefaultDimensionValue = \"example\",\n DimensionName = \"example\",\n DimensionValueSource = \"MESSAGE_TAG\",\n },\n },\n },\n Enabled = true,\n MatchingEventTypes = new[]\n {\n \"SEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sesv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sesv2.NewConfigurationSet(ctx, \"example\", \u0026sesv2.ConfigurationSetArgs{\n\t\t\tConfigurationSetName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sesv2.NewConfigurationSetEventDestination(ctx, \"example\", \u0026sesv2.ConfigurationSetEventDestinationArgs{\n\t\t\tConfigurationSetName: example.ConfigurationSetName,\n\t\t\tEventDestinationName: pulumi.String(\"example\"),\n\t\t\tEventDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationArgs{\n\t\t\t\tCloudWatchDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationArgs{\n\t\t\t\t\tDimensionConfigurations: sesv2.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationDimensionConfigurationArray{\n\t\t\t\t\t\t\u0026sesv2.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationDimensionConfigurationArgs{\n\t\t\t\t\t\t\tDefaultDimensionValue: pulumi.String(\"example\"),\n\t\t\t\t\t\t\tDimensionName: pulumi.String(\"example\"),\n\t\t\t\t\t\t\tDimensionValueSource: pulumi.String(\"MESSAGE_TAG\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMatchingEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"SEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sesv2.ConfigurationSet;\nimport com.pulumi.aws.sesv2.ConfigurationSetArgs;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestination;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ConfigurationSet(\"example\", ConfigurationSetArgs.builder()\n .configurationSetName(\"example\")\n .build());\n\n var exampleConfigurationSetEventDestination = new ConfigurationSetEventDestination(\"exampleConfigurationSetEventDestination\", ConfigurationSetEventDestinationArgs.builder()\n .configurationSetName(example.configurationSetName())\n .eventDestinationName(\"example\")\n .eventDestination(ConfigurationSetEventDestinationEventDestinationArgs.builder()\n .cloudWatchDestination(ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationArgs.builder()\n .dimensionConfigurations(ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationDimensionConfigurationArgs.builder()\n .defaultDimensionValue(\"example\")\n .dimensionName(\"example\")\n .dimensionValueSource(\"MESSAGE_TAG\")\n .build())\n .build())\n .enabled(true)\n .matchingEventTypes(\"SEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sesv2:ConfigurationSet\n properties:\n configurationSetName: example\n exampleConfigurationSetEventDestination:\n type: aws:sesv2:ConfigurationSetEventDestination\n name: example\n properties:\n configurationSetName: ${example.configurationSetName}\n eventDestinationName: example\n eventDestination:\n cloudWatchDestination:\n dimensionConfigurations:\n - defaultDimensionValue: example\n dimensionName: example\n dimensionValueSource: MESSAGE_TAG\n enabled: true\n matchingEventTypes:\n - SEND\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### EventBridge Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst default = aws.cloudwatch.getEventBus({\n name: \"default\",\n});\nconst example = new aws.sesv2.ConfigurationSetEventDestination(\"example\", {\n configurationSetName: exampleAwsSesv2ConfigurationSet.configurationSetName,\n eventDestinationName: \"example\",\n eventDestination: {\n eventBridgeDestination: {\n eventBusArn: _default.then(_default =\u003e _default.arn),\n },\n enabled: true,\n matchingEventTypes: [\"SEND\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.cloudwatch.get_event_bus(name=\"default\")\nexample = aws.sesv2.ConfigurationSetEventDestination(\"example\",\n configuration_set_name=example_aws_sesv2_configuration_set[\"configurationSetName\"],\n event_destination_name=\"example\",\n event_destination={\n \"event_bridge_destination\": {\n \"event_bus_arn\": default.arn,\n },\n \"enabled\": True,\n \"matching_event_types\": [\"SEND\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.CloudWatch.GetEventBus.Invoke(new()\n {\n Name = \"default\",\n });\n\n var example = new Aws.SesV2.ConfigurationSetEventDestination(\"example\", new()\n {\n ConfigurationSetName = exampleAwsSesv2ConfigurationSet.ConfigurationSetName,\n EventDestinationName = \"example\",\n EventDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationArgs\n {\n EventBridgeDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationEventBridgeDestinationArgs\n {\n EventBusArn = @default.Apply(@default =\u003e @default.Apply(getEventBusResult =\u003e getEventBusResult.Arn)),\n },\n Enabled = true,\n MatchingEventTypes = new[]\n {\n \"SEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sesv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := cloudwatch.LookupEventBus(ctx, \u0026cloudwatch.LookupEventBusArgs{\n\t\t\tName: \"default\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sesv2.NewConfigurationSetEventDestination(ctx, \"example\", \u0026sesv2.ConfigurationSetEventDestinationArgs{\n\t\t\tConfigurationSetName: pulumi.Any(exampleAwsSesv2ConfigurationSet.ConfigurationSetName),\n\t\t\tEventDestinationName: pulumi.String(\"example\"),\n\t\t\tEventDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationArgs{\n\t\t\t\tEventBridgeDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationEventBridgeDestinationArgs{\n\t\t\t\t\tEventBusArn: pulumi.String(_default.Arn),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMatchingEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"SEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.CloudwatchFunctions;\nimport com.pulumi.aws.cloudwatch.inputs.GetEventBusArgs;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestination;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationEventBridgeDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = CloudwatchFunctions.getEventBus(GetEventBusArgs.builder()\n .name(\"default\")\n .build());\n\n var example = new ConfigurationSetEventDestination(\"example\", ConfigurationSetEventDestinationArgs.builder()\n .configurationSetName(exampleAwsSesv2ConfigurationSet.configurationSetName())\n .eventDestinationName(\"example\")\n .eventDestination(ConfigurationSetEventDestinationEventDestinationArgs.builder()\n .eventBridgeDestination(ConfigurationSetEventDestinationEventDestinationEventBridgeDestinationArgs.builder()\n .eventBusArn(default_.arn())\n .build())\n .enabled(true)\n .matchingEventTypes(\"SEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sesv2:ConfigurationSetEventDestination\n properties:\n configurationSetName: ${exampleAwsSesv2ConfigurationSet.configurationSetName}\n eventDestinationName: example\n eventDestination:\n eventBridgeDestination:\n eventBusArn: ${default.arn}\n enabled: true\n matchingEventTypes:\n - SEND\nvariables:\n default:\n fn::invoke:\n function: aws:cloudwatch:getEventBus\n arguments:\n name: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Kinesis Firehose Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sesv2.ConfigurationSet(\"example\", {configurationSetName: \"example\"});\nconst exampleConfigurationSetEventDestination = new aws.sesv2.ConfigurationSetEventDestination(\"example\", {\n configurationSetName: example.configurationSetName,\n eventDestinationName: \"example\",\n eventDestination: {\n kinesisFirehoseDestination: {\n deliveryStreamArn: exampleAwsKinesisFirehoseDeliveryStream.arn,\n iamRoleArn: exampleAwsIamRole.arn,\n },\n enabled: true,\n matchingEventTypes: [\"SEND\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sesv2.ConfigurationSet(\"example\", configuration_set_name=\"example\")\nexample_configuration_set_event_destination = aws.sesv2.ConfigurationSetEventDestination(\"example\",\n configuration_set_name=example.configuration_set_name,\n event_destination_name=\"example\",\n event_destination={\n \"kinesis_firehose_destination\": {\n \"delivery_stream_arn\": example_aws_kinesis_firehose_delivery_stream[\"arn\"],\n \"iam_role_arn\": example_aws_iam_role[\"arn\"],\n },\n \"enabled\": True,\n \"matching_event_types\": [\"SEND\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.SesV2.ConfigurationSet(\"example\", new()\n {\n ConfigurationSetName = \"example\",\n });\n\n var exampleConfigurationSetEventDestination = new Aws.SesV2.ConfigurationSetEventDestination(\"example\", new()\n {\n ConfigurationSetName = example.ConfigurationSetName,\n EventDestinationName = \"example\",\n EventDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationArgs\n {\n KinesisFirehoseDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationKinesisFirehoseDestinationArgs\n {\n DeliveryStreamArn = exampleAwsKinesisFirehoseDeliveryStream.Arn,\n IamRoleArn = exampleAwsIamRole.Arn,\n },\n Enabled = true,\n MatchingEventTypes = new[]\n {\n \"SEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sesv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sesv2.NewConfigurationSet(ctx, \"example\", \u0026sesv2.ConfigurationSetArgs{\n\t\t\tConfigurationSetName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sesv2.NewConfigurationSetEventDestination(ctx, \"example\", \u0026sesv2.ConfigurationSetEventDestinationArgs{\n\t\t\tConfigurationSetName: example.ConfigurationSetName,\n\t\t\tEventDestinationName: pulumi.String(\"example\"),\n\t\t\tEventDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationArgs{\n\t\t\t\tKinesisFirehoseDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationKinesisFirehoseDestinationArgs{\n\t\t\t\t\tDeliveryStreamArn: pulumi.Any(exampleAwsKinesisFirehoseDeliveryStream.Arn),\n\t\t\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMatchingEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"SEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sesv2.ConfigurationSet;\nimport com.pulumi.aws.sesv2.ConfigurationSetArgs;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestination;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationKinesisFirehoseDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ConfigurationSet(\"example\", ConfigurationSetArgs.builder()\n .configurationSetName(\"example\")\n .build());\n\n var exampleConfigurationSetEventDestination = new ConfigurationSetEventDestination(\"exampleConfigurationSetEventDestination\", ConfigurationSetEventDestinationArgs.builder()\n .configurationSetName(example.configurationSetName())\n .eventDestinationName(\"example\")\n .eventDestination(ConfigurationSetEventDestinationEventDestinationArgs.builder()\n .kinesisFirehoseDestination(ConfigurationSetEventDestinationEventDestinationKinesisFirehoseDestinationArgs.builder()\n .deliveryStreamArn(exampleAwsKinesisFirehoseDeliveryStream.arn())\n .iamRoleArn(exampleAwsIamRole.arn())\n .build())\n .enabled(true)\n .matchingEventTypes(\"SEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sesv2:ConfigurationSet\n properties:\n configurationSetName: example\n exampleConfigurationSetEventDestination:\n type: aws:sesv2:ConfigurationSetEventDestination\n name: example\n properties:\n configurationSetName: ${example.configurationSetName}\n eventDestinationName: example\n eventDestination:\n kinesisFirehoseDestination:\n deliveryStreamArn: ${exampleAwsKinesisFirehoseDeliveryStream.arn}\n iamRoleArn: ${exampleAwsIamRole.arn}\n enabled: true\n matchingEventTypes:\n - SEND\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Pinpoint Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sesv2.ConfigurationSet(\"example\", {configurationSetName: \"example\"});\nconst exampleConfigurationSetEventDestination = new aws.sesv2.ConfigurationSetEventDestination(\"example\", {\n configurationSetName: example.configurationSetName,\n eventDestinationName: \"example\",\n eventDestination: {\n pinpointDestination: {\n applicationArn: exampleAwsPinpointApp.arn,\n },\n enabled: true,\n matchingEventTypes: [\"SEND\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sesv2.ConfigurationSet(\"example\", configuration_set_name=\"example\")\nexample_configuration_set_event_destination = aws.sesv2.ConfigurationSetEventDestination(\"example\",\n configuration_set_name=example.configuration_set_name,\n event_destination_name=\"example\",\n event_destination={\n \"pinpoint_destination\": {\n \"application_arn\": example_aws_pinpoint_app[\"arn\"],\n },\n \"enabled\": True,\n \"matching_event_types\": [\"SEND\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.SesV2.ConfigurationSet(\"example\", new()\n {\n ConfigurationSetName = \"example\",\n });\n\n var exampleConfigurationSetEventDestination = new Aws.SesV2.ConfigurationSetEventDestination(\"example\", new()\n {\n ConfigurationSetName = example.ConfigurationSetName,\n EventDestinationName = \"example\",\n EventDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationArgs\n {\n PinpointDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationPinpointDestinationArgs\n {\n ApplicationArn = exampleAwsPinpointApp.Arn,\n },\n Enabled = true,\n MatchingEventTypes = new[]\n {\n \"SEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sesv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sesv2.NewConfigurationSet(ctx, \"example\", \u0026sesv2.ConfigurationSetArgs{\n\t\t\tConfigurationSetName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sesv2.NewConfigurationSetEventDestination(ctx, \"example\", \u0026sesv2.ConfigurationSetEventDestinationArgs{\n\t\t\tConfigurationSetName: example.ConfigurationSetName,\n\t\t\tEventDestinationName: pulumi.String(\"example\"),\n\t\t\tEventDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationArgs{\n\t\t\t\tPinpointDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationPinpointDestinationArgs{\n\t\t\t\t\tApplicationArn: pulumi.Any(exampleAwsPinpointApp.Arn),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMatchingEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"SEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sesv2.ConfigurationSet;\nimport com.pulumi.aws.sesv2.ConfigurationSetArgs;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestination;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationPinpointDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ConfigurationSet(\"example\", ConfigurationSetArgs.builder()\n .configurationSetName(\"example\")\n .build());\n\n var exampleConfigurationSetEventDestination = new ConfigurationSetEventDestination(\"exampleConfigurationSetEventDestination\", ConfigurationSetEventDestinationArgs.builder()\n .configurationSetName(example.configurationSetName())\n .eventDestinationName(\"example\")\n .eventDestination(ConfigurationSetEventDestinationEventDestinationArgs.builder()\n .pinpointDestination(ConfigurationSetEventDestinationEventDestinationPinpointDestinationArgs.builder()\n .applicationArn(exampleAwsPinpointApp.arn())\n .build())\n .enabled(true)\n .matchingEventTypes(\"SEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sesv2:ConfigurationSet\n properties:\n configurationSetName: example\n exampleConfigurationSetEventDestination:\n type: aws:sesv2:ConfigurationSetEventDestination\n name: example\n properties:\n configurationSetName: ${example.configurationSetName}\n eventDestinationName: example\n eventDestination:\n pinpointDestination:\n applicationArn: ${exampleAwsPinpointApp.arn}\n enabled: true\n matchingEventTypes:\n - SEND\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### SNS Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sesv2.ConfigurationSet(\"example\", {configurationSetName: \"example\"});\nconst exampleConfigurationSetEventDestination = new aws.sesv2.ConfigurationSetEventDestination(\"example\", {\n configurationSetName: example.configurationSetName,\n eventDestinationName: \"example\",\n eventDestination: {\n snsDestination: {\n topicArn: exampleAwsSnsTopic.arn,\n },\n enabled: true,\n matchingEventTypes: [\"SEND\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sesv2.ConfigurationSet(\"example\", configuration_set_name=\"example\")\nexample_configuration_set_event_destination = aws.sesv2.ConfigurationSetEventDestination(\"example\",\n configuration_set_name=example.configuration_set_name,\n event_destination_name=\"example\",\n event_destination={\n \"sns_destination\": {\n \"topic_arn\": example_aws_sns_topic[\"arn\"],\n },\n \"enabled\": True,\n \"matching_event_types\": [\"SEND\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.SesV2.ConfigurationSet(\"example\", new()\n {\n ConfigurationSetName = \"example\",\n });\n\n var exampleConfigurationSetEventDestination = new Aws.SesV2.ConfigurationSetEventDestination(\"example\", new()\n {\n ConfigurationSetName = example.ConfigurationSetName,\n EventDestinationName = \"example\",\n EventDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationArgs\n {\n SnsDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationSnsDestinationArgs\n {\n TopicArn = exampleAwsSnsTopic.Arn,\n },\n Enabled = true,\n MatchingEventTypes = new[]\n {\n \"SEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sesv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sesv2.NewConfigurationSet(ctx, \"example\", \u0026sesv2.ConfigurationSetArgs{\n\t\t\tConfigurationSetName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sesv2.NewConfigurationSetEventDestination(ctx, \"example\", \u0026sesv2.ConfigurationSetEventDestinationArgs{\n\t\t\tConfigurationSetName: example.ConfigurationSetName,\n\t\t\tEventDestinationName: pulumi.String(\"example\"),\n\t\t\tEventDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationArgs{\n\t\t\t\tSnsDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationSnsDestinationArgs{\n\t\t\t\t\tTopicArn: pulumi.Any(exampleAwsSnsTopic.Arn),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMatchingEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"SEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sesv2.ConfigurationSet;\nimport com.pulumi.aws.sesv2.ConfigurationSetArgs;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestination;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationSnsDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ConfigurationSet(\"example\", ConfigurationSetArgs.builder()\n .configurationSetName(\"example\")\n .build());\n\n var exampleConfigurationSetEventDestination = new ConfigurationSetEventDestination(\"exampleConfigurationSetEventDestination\", ConfigurationSetEventDestinationArgs.builder()\n .configurationSetName(example.configurationSetName())\n .eventDestinationName(\"example\")\n .eventDestination(ConfigurationSetEventDestinationEventDestinationArgs.builder()\n .snsDestination(ConfigurationSetEventDestinationEventDestinationSnsDestinationArgs.builder()\n .topicArn(exampleAwsSnsTopic.arn())\n .build())\n .enabled(true)\n .matchingEventTypes(\"SEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sesv2:ConfigurationSet\n properties:\n configurationSetName: example\n exampleConfigurationSetEventDestination:\n type: aws:sesv2:ConfigurationSetEventDestination\n name: example\n properties:\n configurationSetName: ${example.configurationSetName}\n eventDestinationName: example\n eventDestination:\n snsDestination:\n topicArn: ${exampleAwsSnsTopic.arn}\n enabled: true\n matchingEventTypes:\n - SEND\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SESv2 (Simple Email V2) Configuration Set Event Destination using the `id` (`configuration_set_name|event_destination_name`). For example:\n\n```sh\n$ pulumi import aws:sesv2/configurationSetEventDestination:ConfigurationSetEventDestination example example_configuration_set|example_event_destination\n```\n", + "description": "Resource for managing an AWS SESv2 (Simple Email V2) Configuration Set Event Destination.\n\n## Example Usage\n\n### CloudWatch Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sesv2.ConfigurationSet(\"example\", {configurationSetName: \"example\"});\nconst exampleConfigurationSetEventDestination = new aws.sesv2.ConfigurationSetEventDestination(\"example\", {\n configurationSetName: example.configurationSetName,\n eventDestinationName: \"example\",\n eventDestination: {\n cloudWatchDestination: {\n dimensionConfigurations: [{\n defaultDimensionValue: \"example\",\n dimensionName: \"example\",\n dimensionValueSource: \"MESSAGE_TAG\",\n }],\n },\n enabled: true,\n matchingEventTypes: [\"SEND\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sesv2.ConfigurationSet(\"example\", configuration_set_name=\"example\")\nexample_configuration_set_event_destination = aws.sesv2.ConfigurationSetEventDestination(\"example\",\n configuration_set_name=example.configuration_set_name,\n event_destination_name=\"example\",\n event_destination={\n \"cloud_watch_destination\": {\n \"dimension_configurations\": [{\n \"default_dimension_value\": \"example\",\n \"dimension_name\": \"example\",\n \"dimension_value_source\": \"MESSAGE_TAG\",\n }],\n },\n \"enabled\": True,\n \"matching_event_types\": [\"SEND\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.SesV2.ConfigurationSet(\"example\", new()\n {\n ConfigurationSetName = \"example\",\n });\n\n var exampleConfigurationSetEventDestination = new Aws.SesV2.ConfigurationSetEventDestination(\"example\", new()\n {\n ConfigurationSetName = example.ConfigurationSetName,\n EventDestinationName = \"example\",\n EventDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationArgs\n {\n CloudWatchDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationArgs\n {\n DimensionConfigurations = new[]\n {\n new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationDimensionConfigurationArgs\n {\n DefaultDimensionValue = \"example\",\n DimensionName = \"example\",\n DimensionValueSource = \"MESSAGE_TAG\",\n },\n },\n },\n Enabled = true,\n MatchingEventTypes = new[]\n {\n \"SEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sesv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sesv2.NewConfigurationSet(ctx, \"example\", \u0026sesv2.ConfigurationSetArgs{\n\t\t\tConfigurationSetName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sesv2.NewConfigurationSetEventDestination(ctx, \"example\", \u0026sesv2.ConfigurationSetEventDestinationArgs{\n\t\t\tConfigurationSetName: example.ConfigurationSetName,\n\t\t\tEventDestinationName: pulumi.String(\"example\"),\n\t\t\tEventDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationArgs{\n\t\t\t\tCloudWatchDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationArgs{\n\t\t\t\t\tDimensionConfigurations: sesv2.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationDimensionConfigurationArray{\n\t\t\t\t\t\t\u0026sesv2.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationDimensionConfigurationArgs{\n\t\t\t\t\t\t\tDefaultDimensionValue: pulumi.String(\"example\"),\n\t\t\t\t\t\t\tDimensionName: pulumi.String(\"example\"),\n\t\t\t\t\t\t\tDimensionValueSource: pulumi.String(\"MESSAGE_TAG\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMatchingEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"SEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sesv2.ConfigurationSet;\nimport com.pulumi.aws.sesv2.ConfigurationSetArgs;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestination;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ConfigurationSet(\"example\", ConfigurationSetArgs.builder()\n .configurationSetName(\"example\")\n .build());\n\n var exampleConfigurationSetEventDestination = new ConfigurationSetEventDestination(\"exampleConfigurationSetEventDestination\", ConfigurationSetEventDestinationArgs.builder()\n .configurationSetName(example.configurationSetName())\n .eventDestinationName(\"example\")\n .eventDestination(ConfigurationSetEventDestinationEventDestinationArgs.builder()\n .cloudWatchDestination(ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationArgs.builder()\n .dimensionConfigurations(ConfigurationSetEventDestinationEventDestinationCloudWatchDestinationDimensionConfigurationArgs.builder()\n .defaultDimensionValue(\"example\")\n .dimensionName(\"example\")\n .dimensionValueSource(\"MESSAGE_TAG\")\n .build())\n .build())\n .enabled(true)\n .matchingEventTypes(\"SEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sesv2:ConfigurationSet\n properties:\n configurationSetName: example\n exampleConfigurationSetEventDestination:\n type: aws:sesv2:ConfigurationSetEventDestination\n name: example\n properties:\n configurationSetName: ${example.configurationSetName}\n eventDestinationName: example\n eventDestination:\n cloudWatchDestination:\n dimensionConfigurations:\n - defaultDimensionValue: example\n dimensionName: example\n dimensionValueSource: MESSAGE_TAG\n enabled: true\n matchingEventTypes:\n - SEND\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### EventBridge Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = aws.cloudwatch.getEventBus({\n name: \"default\",\n});\nconst example = new aws.sesv2.ConfigurationSetEventDestination(\"example\", {\n configurationSetName: exampleAwsSesv2ConfigurationSet.configurationSetName,\n eventDestinationName: \"example\",\n eventDestination: {\n eventBridgeDestination: {\n eventBusArn: _default.then(_default =\u003e _default.arn),\n },\n enabled: true,\n matchingEventTypes: [\"SEND\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.cloudwatch.get_event_bus(name=\"default\")\nexample = aws.sesv2.ConfigurationSetEventDestination(\"example\",\n configuration_set_name=example_aws_sesv2_configuration_set[\"configurationSetName\"],\n event_destination_name=\"example\",\n event_destination={\n \"event_bridge_destination\": {\n \"event_bus_arn\": default.arn,\n },\n \"enabled\": True,\n \"matching_event_types\": [\"SEND\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.CloudWatch.GetEventBus.Invoke(new()\n {\n Name = \"default\",\n });\n\n var example = new Aws.SesV2.ConfigurationSetEventDestination(\"example\", new()\n {\n ConfigurationSetName = exampleAwsSesv2ConfigurationSet.ConfigurationSetName,\n EventDestinationName = \"example\",\n EventDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationArgs\n {\n EventBridgeDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationEventBridgeDestinationArgs\n {\n EventBusArn = @default.Apply(@default =\u003e @default.Apply(getEventBusResult =\u003e getEventBusResult.Arn)),\n },\n Enabled = true,\n MatchingEventTypes = new[]\n {\n \"SEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sesv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := cloudwatch.LookupEventBus(ctx, \u0026cloudwatch.LookupEventBusArgs{\n\t\t\tName: \"default\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sesv2.NewConfigurationSetEventDestination(ctx, \"example\", \u0026sesv2.ConfigurationSetEventDestinationArgs{\n\t\t\tConfigurationSetName: pulumi.Any(exampleAwsSesv2ConfigurationSet.ConfigurationSetName),\n\t\t\tEventDestinationName: pulumi.String(\"example\"),\n\t\t\tEventDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationArgs{\n\t\t\t\tEventBridgeDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationEventBridgeDestinationArgs{\n\t\t\t\t\tEventBusArn: pulumi.String(_default.Arn),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMatchingEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"SEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.cloudwatch.CloudwatchFunctions;\nimport com.pulumi.aws.cloudwatch.inputs.GetEventBusArgs;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestination;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationEventBridgeDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = CloudwatchFunctions.getEventBus(GetEventBusArgs.builder()\n .name(\"default\")\n .build());\n\n var example = new ConfigurationSetEventDestination(\"example\", ConfigurationSetEventDestinationArgs.builder()\n .configurationSetName(exampleAwsSesv2ConfigurationSet.configurationSetName())\n .eventDestinationName(\"example\")\n .eventDestination(ConfigurationSetEventDestinationEventDestinationArgs.builder()\n .eventBridgeDestination(ConfigurationSetEventDestinationEventDestinationEventBridgeDestinationArgs.builder()\n .eventBusArn(default_.arn())\n .build())\n .enabled(true)\n .matchingEventTypes(\"SEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sesv2:ConfigurationSetEventDestination\n properties:\n configurationSetName: ${exampleAwsSesv2ConfigurationSet.configurationSetName}\n eventDestinationName: example\n eventDestination:\n eventBridgeDestination:\n eventBusArn: ${default.arn}\n enabled: true\n matchingEventTypes:\n - SEND\nvariables:\n default:\n fn::invoke:\n function: aws:cloudwatch:getEventBus\n arguments:\n name: default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Kinesis Firehose Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sesv2.ConfigurationSet(\"example\", {configurationSetName: \"example\"});\nconst exampleConfigurationSetEventDestination = new aws.sesv2.ConfigurationSetEventDestination(\"example\", {\n configurationSetName: example.configurationSetName,\n eventDestinationName: \"example\",\n eventDestination: {\n kinesisFirehoseDestination: {\n deliveryStreamArn: exampleAwsKinesisFirehoseDeliveryStream.arn,\n iamRoleArn: exampleAwsIamRole.arn,\n },\n enabled: true,\n matchingEventTypes: [\"SEND\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sesv2.ConfigurationSet(\"example\", configuration_set_name=\"example\")\nexample_configuration_set_event_destination = aws.sesv2.ConfigurationSetEventDestination(\"example\",\n configuration_set_name=example.configuration_set_name,\n event_destination_name=\"example\",\n event_destination={\n \"kinesis_firehose_destination\": {\n \"delivery_stream_arn\": example_aws_kinesis_firehose_delivery_stream[\"arn\"],\n \"iam_role_arn\": example_aws_iam_role[\"arn\"],\n },\n \"enabled\": True,\n \"matching_event_types\": [\"SEND\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.SesV2.ConfigurationSet(\"example\", new()\n {\n ConfigurationSetName = \"example\",\n });\n\n var exampleConfigurationSetEventDestination = new Aws.SesV2.ConfigurationSetEventDestination(\"example\", new()\n {\n ConfigurationSetName = example.ConfigurationSetName,\n EventDestinationName = \"example\",\n EventDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationArgs\n {\n KinesisFirehoseDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationKinesisFirehoseDestinationArgs\n {\n DeliveryStreamArn = exampleAwsKinesisFirehoseDeliveryStream.Arn,\n IamRoleArn = exampleAwsIamRole.Arn,\n },\n Enabled = true,\n MatchingEventTypes = new[]\n {\n \"SEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sesv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sesv2.NewConfigurationSet(ctx, \"example\", \u0026sesv2.ConfigurationSetArgs{\n\t\t\tConfigurationSetName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sesv2.NewConfigurationSetEventDestination(ctx, \"example\", \u0026sesv2.ConfigurationSetEventDestinationArgs{\n\t\t\tConfigurationSetName: example.ConfigurationSetName,\n\t\t\tEventDestinationName: pulumi.String(\"example\"),\n\t\t\tEventDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationArgs{\n\t\t\t\tKinesisFirehoseDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationKinesisFirehoseDestinationArgs{\n\t\t\t\t\tDeliveryStreamArn: pulumi.Any(exampleAwsKinesisFirehoseDeliveryStream.Arn),\n\t\t\t\t\tIamRoleArn: pulumi.Any(exampleAwsIamRole.Arn),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMatchingEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"SEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sesv2.ConfigurationSet;\nimport com.pulumi.aws.sesv2.ConfigurationSetArgs;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestination;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationKinesisFirehoseDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ConfigurationSet(\"example\", ConfigurationSetArgs.builder()\n .configurationSetName(\"example\")\n .build());\n\n var exampleConfigurationSetEventDestination = new ConfigurationSetEventDestination(\"exampleConfigurationSetEventDestination\", ConfigurationSetEventDestinationArgs.builder()\n .configurationSetName(example.configurationSetName())\n .eventDestinationName(\"example\")\n .eventDestination(ConfigurationSetEventDestinationEventDestinationArgs.builder()\n .kinesisFirehoseDestination(ConfigurationSetEventDestinationEventDestinationKinesisFirehoseDestinationArgs.builder()\n .deliveryStreamArn(exampleAwsKinesisFirehoseDeliveryStream.arn())\n .iamRoleArn(exampleAwsIamRole.arn())\n .build())\n .enabled(true)\n .matchingEventTypes(\"SEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sesv2:ConfigurationSet\n properties:\n configurationSetName: example\n exampleConfigurationSetEventDestination:\n type: aws:sesv2:ConfigurationSetEventDestination\n name: example\n properties:\n configurationSetName: ${example.configurationSetName}\n eventDestinationName: example\n eventDestination:\n kinesisFirehoseDestination:\n deliveryStreamArn: ${exampleAwsKinesisFirehoseDeliveryStream.arn}\n iamRoleArn: ${exampleAwsIamRole.arn}\n enabled: true\n matchingEventTypes:\n - SEND\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Pinpoint Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sesv2.ConfigurationSet(\"example\", {configurationSetName: \"example\"});\nconst exampleConfigurationSetEventDestination = new aws.sesv2.ConfigurationSetEventDestination(\"example\", {\n configurationSetName: example.configurationSetName,\n eventDestinationName: \"example\",\n eventDestination: {\n pinpointDestination: {\n applicationArn: exampleAwsPinpointApp.arn,\n },\n enabled: true,\n matchingEventTypes: [\"SEND\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sesv2.ConfigurationSet(\"example\", configuration_set_name=\"example\")\nexample_configuration_set_event_destination = aws.sesv2.ConfigurationSetEventDestination(\"example\",\n configuration_set_name=example.configuration_set_name,\n event_destination_name=\"example\",\n event_destination={\n \"pinpoint_destination\": {\n \"application_arn\": example_aws_pinpoint_app[\"arn\"],\n },\n \"enabled\": True,\n \"matching_event_types\": [\"SEND\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.SesV2.ConfigurationSet(\"example\", new()\n {\n ConfigurationSetName = \"example\",\n });\n\n var exampleConfigurationSetEventDestination = new Aws.SesV2.ConfigurationSetEventDestination(\"example\", new()\n {\n ConfigurationSetName = example.ConfigurationSetName,\n EventDestinationName = \"example\",\n EventDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationArgs\n {\n PinpointDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationPinpointDestinationArgs\n {\n ApplicationArn = exampleAwsPinpointApp.Arn,\n },\n Enabled = true,\n MatchingEventTypes = new[]\n {\n \"SEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sesv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sesv2.NewConfigurationSet(ctx, \"example\", \u0026sesv2.ConfigurationSetArgs{\n\t\t\tConfigurationSetName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sesv2.NewConfigurationSetEventDestination(ctx, \"example\", \u0026sesv2.ConfigurationSetEventDestinationArgs{\n\t\t\tConfigurationSetName: example.ConfigurationSetName,\n\t\t\tEventDestinationName: pulumi.String(\"example\"),\n\t\t\tEventDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationArgs{\n\t\t\t\tPinpointDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationPinpointDestinationArgs{\n\t\t\t\t\tApplicationArn: pulumi.Any(exampleAwsPinpointApp.Arn),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMatchingEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"SEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sesv2.ConfigurationSet;\nimport com.pulumi.aws.sesv2.ConfigurationSetArgs;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestination;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationPinpointDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ConfigurationSet(\"example\", ConfigurationSetArgs.builder()\n .configurationSetName(\"example\")\n .build());\n\n var exampleConfigurationSetEventDestination = new ConfigurationSetEventDestination(\"exampleConfigurationSetEventDestination\", ConfigurationSetEventDestinationArgs.builder()\n .configurationSetName(example.configurationSetName())\n .eventDestinationName(\"example\")\n .eventDestination(ConfigurationSetEventDestinationEventDestinationArgs.builder()\n .pinpointDestination(ConfigurationSetEventDestinationEventDestinationPinpointDestinationArgs.builder()\n .applicationArn(exampleAwsPinpointApp.arn())\n .build())\n .enabled(true)\n .matchingEventTypes(\"SEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sesv2:ConfigurationSet\n properties:\n configurationSetName: example\n exampleConfigurationSetEventDestination:\n type: aws:sesv2:ConfigurationSetEventDestination\n name: example\n properties:\n configurationSetName: ${example.configurationSetName}\n eventDestinationName: example\n eventDestination:\n pinpointDestination:\n applicationArn: ${exampleAwsPinpointApp.arn}\n enabled: true\n matchingEventTypes:\n - SEND\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### SNS Destination\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sesv2.ConfigurationSet(\"example\", {configurationSetName: \"example\"});\nconst exampleConfigurationSetEventDestination = new aws.sesv2.ConfigurationSetEventDestination(\"example\", {\n configurationSetName: example.configurationSetName,\n eventDestinationName: \"example\",\n eventDestination: {\n snsDestination: {\n topicArn: exampleAwsSnsTopic.arn,\n },\n enabled: true,\n matchingEventTypes: [\"SEND\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sesv2.ConfigurationSet(\"example\", configuration_set_name=\"example\")\nexample_configuration_set_event_destination = aws.sesv2.ConfigurationSetEventDestination(\"example\",\n configuration_set_name=example.configuration_set_name,\n event_destination_name=\"example\",\n event_destination={\n \"sns_destination\": {\n \"topic_arn\": example_aws_sns_topic[\"arn\"],\n },\n \"enabled\": True,\n \"matching_event_types\": [\"SEND\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.SesV2.ConfigurationSet(\"example\", new()\n {\n ConfigurationSetName = \"example\",\n });\n\n var exampleConfigurationSetEventDestination = new Aws.SesV2.ConfigurationSetEventDestination(\"example\", new()\n {\n ConfigurationSetName = example.ConfigurationSetName,\n EventDestinationName = \"example\",\n EventDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationArgs\n {\n SnsDestination = new Aws.SesV2.Inputs.ConfigurationSetEventDestinationEventDestinationSnsDestinationArgs\n {\n TopicArn = exampleAwsSnsTopic.Arn,\n },\n Enabled = true,\n MatchingEventTypes = new[]\n {\n \"SEND\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sesv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sesv2.NewConfigurationSet(ctx, \"example\", \u0026sesv2.ConfigurationSetArgs{\n\t\t\tConfigurationSetName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sesv2.NewConfigurationSetEventDestination(ctx, \"example\", \u0026sesv2.ConfigurationSetEventDestinationArgs{\n\t\t\tConfigurationSetName: example.ConfigurationSetName,\n\t\t\tEventDestinationName: pulumi.String(\"example\"),\n\t\t\tEventDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationArgs{\n\t\t\t\tSnsDestination: \u0026sesv2.ConfigurationSetEventDestinationEventDestinationSnsDestinationArgs{\n\t\t\t\t\tTopicArn: pulumi.Any(exampleAwsSnsTopic.Arn),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMatchingEventTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"SEND\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sesv2.ConfigurationSet;\nimport com.pulumi.aws.sesv2.ConfigurationSetArgs;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestination;\nimport com.pulumi.aws.sesv2.ConfigurationSetEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationArgs;\nimport com.pulumi.aws.sesv2.inputs.ConfigurationSetEventDestinationEventDestinationSnsDestinationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new ConfigurationSet(\"example\", ConfigurationSetArgs.builder()\n .configurationSetName(\"example\")\n .build());\n\n var exampleConfigurationSetEventDestination = new ConfigurationSetEventDestination(\"exampleConfigurationSetEventDestination\", ConfigurationSetEventDestinationArgs.builder()\n .configurationSetName(example.configurationSetName())\n .eventDestinationName(\"example\")\n .eventDestination(ConfigurationSetEventDestinationEventDestinationArgs.builder()\n .snsDestination(ConfigurationSetEventDestinationEventDestinationSnsDestinationArgs.builder()\n .topicArn(exampleAwsSnsTopic.arn())\n .build())\n .enabled(true)\n .matchingEventTypes(\"SEND\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:sesv2:ConfigurationSet\n properties:\n configurationSetName: example\n exampleConfigurationSetEventDestination:\n type: aws:sesv2:ConfigurationSetEventDestination\n name: example\n properties:\n configurationSetName: ${example.configurationSetName}\n eventDestinationName: example\n eventDestination:\n snsDestination:\n topicArn: ${exampleAwsSnsTopic.arn}\n enabled: true\n matchingEventTypes:\n - SEND\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SESv2 (Simple Email V2) Configuration Set Event Destination using the `id` (`configuration_set_name|event_destination_name`). For example:\n\n```sh\n$ pulumi import aws:sesv2/configurationSetEventDestination:ConfigurationSetEventDestination example example_configuration_set|example_event_destination\n```\n", "properties": { "configurationSetName": { "type": "string", @@ -368568,7 +368568,7 @@ } }, "aws:sns/topicSubscription:TopicSubscription": { - "description": "Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. This resource allows you to automatically place messages sent to SNS topics in SQS queues, send them as HTTP(S) POST requests to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for provider users will probably be SQS queues.\n\n\u003e **NOTE:** If the SNS topic and SQS queue are in different AWS regions, the `aws.sns.TopicSubscription` must use an AWS provider that is in the same region as the SNS topic. If the `aws.sns.TopicSubscription` uses a provider with a different region than the SNS topic, this provider will fail to create the subscription.\n\n\u003e **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires the provider to have access to BOTH accounts.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts but the same region, the `aws.sns.TopicSubscription` must use the AWS provider for the account with the SQS queue. If `aws.sns.TopicSubscription` uses a Provider with a different account than the SQS queue, this provider creates the subscription but does not keep state and tries to re-create the subscription at every `apply`.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts and different AWS regions, the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic.\n\n\u003e **NOTE:** You cannot unsubscribe to a subscription that is pending confirmation. If you use `email`, `email-json`, or `http`/`https` (without auto-confirmation enabled), until the subscription is confirmed (e.g., outside of this provider), AWS does not allow this provider to delete / unsubscribe the subscription. If you `destroy` an unconfirmed subscription, this provider will remove the subscription from its state but the subscription will still exist in AWS. However, if you delete an SNS topic, SNS [deletes all the subscriptions](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html) associated with the topic. Also, you can import a subscription after confirmation and then have the capability to delete it.\n\n## Example Usage\n\nYou can directly supply a topic and ARN by hand in the `topic_arn` property along with the queue ARN:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"user_updates_sqs_target\", {\n topic: \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n protocol: \"sqs\",\n endpoint: \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"user_updates_sqs_target\",\n topic=\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n protocol=\"sqs\",\n endpoint=\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"user_updates_sqs_target\", new()\n {\n Topic = \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n Protocol = \"sqs\",\n Endpoint = \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopicSubscription(ctx, \"user_updates_sqs_target\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: pulumi.Any(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\"),\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: pulumi.String(\"arn:aws:sqs:us-west-2:432981146916:queue-too\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder()\n .topic(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n .protocol(\"sqs\")\n .endpoint(\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n name: user_updates_sqs_target\n properties:\n topic: arn:aws:sns:us-west-2:432981146916:user-updates-topic\n protocol: sqs\n endpoint: arn:aws:sqs:us-west-2:432981146916:queue-too\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nAlternatively you can use the ARN properties of a managed SNS topic and SQS queue:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"user_updates\", {name: \"user-updates-topic\"});\nconst userUpdatesQueue = new aws.sqs.Queue(\"user_updates_queue\", {name: \"user-updates-queue\"});\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"user_updates_sqs_target\", {\n topic: userUpdates.arn,\n protocol: \"sqs\",\n endpoint: userUpdatesQueue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"user_updates\", name=\"user-updates-topic\")\nuser_updates_queue = aws.sqs.Queue(\"user_updates_queue\", name=\"user-updates-queue\")\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"user_updates_sqs_target\",\n topic=user_updates.arn,\n protocol=\"sqs\",\n endpoint=user_updates_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdates = new Aws.Sns.Topic(\"user_updates\", new()\n {\n Name = \"user-updates-topic\",\n });\n\n var userUpdatesQueue = new Aws.Sqs.Queue(\"user_updates_queue\", new()\n {\n Name = \"user-updates-queue\",\n });\n\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"user_updates_sqs_target\", new()\n {\n Topic = userUpdates.Arn,\n Protocol = \"sqs\",\n Endpoint = userUpdatesQueue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuserUpdates, err := sns.NewTopic(ctx, \"user_updates\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"user-updates-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserUpdatesQueue, err := sqs.NewQueue(ctx, \"user_updates_queue\", \u0026sqs.QueueArgs{\n\t\t\tName: pulumi.String(\"user-updates-queue\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"user_updates_sqs_target\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: userUpdates.Arn,\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: userUpdatesQueue.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdates = new Topic(\"userUpdates\", TopicArgs.builder()\n .name(\"user-updates-topic\")\n .build());\n\n var userUpdatesQueue = new Queue(\"userUpdatesQueue\", QueueArgs.builder()\n .name(\"user-updates-queue\")\n .build());\n\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder()\n .topic(userUpdates.arn())\n .protocol(\"sqs\")\n .endpoint(userUpdatesQueue.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdates:\n type: aws:sns:Topic\n name: user_updates\n properties:\n name: user-updates-topic\n userUpdatesQueue:\n type: aws:sqs:Queue\n name: user_updates_queue\n properties:\n name: user-updates-queue\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n name: user_updates_sqs_target\n properties:\n topic: ${userUpdates.arn}\n protocol: sqs\n endpoint: ${userUpdatesQueue.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can subscribe SNS topics to SQS queues in different Amazon accounts and regions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst sns = config.getObject(\"sns\") || {\n \"account-id\": \"111111111111\",\n displayName: \"example\",\n name: \"example-sns-topic\",\n region: \"us-west-1\",\n \"role-name\": \"service/service\",\n};\nconst sqs = config.getObject(\"sqs\") || {\n \"account-id\": \"222222222222\",\n name: \"example-sqs-queue\",\n region: \"us-east-1\",\n \"role-name\": \"service/service\",\n};\nconst sns-topic-policy = aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [sns[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__default_statement_ID\",\n },\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions: [{\n test: \"StringLike\",\n variable: \"SNS:Endpoint\",\n values: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__console_sub_0\",\n },\n ],\n});\nconst sqs-queue-policy = aws.iam.getPolicyDocument({\n policyId: `arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}/SQSDefaultPolicy`,\n statements: [{\n sid: \"example-sns-topic\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n actions: [\"SQS:SendMessage\"],\n resources: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n }],\n }],\n});\nconst sns_topic = new aws.sns.Topic(\"sns-topic\", {\n name: sns.name,\n displayName: sns.display_name,\n policy: sns_topic_policy.then(sns_topic_policy =\u003e sns_topic_policy.json),\n});\nconst sqs_queue = new aws.sqs.Queue(\"sqs-queue\", {\n name: sqs.name,\n policy: sqs_queue_policy.then(sqs_queue_policy =\u003e sqs_queue_policy.json),\n});\nconst sns_topicTopicSubscription = new aws.sns.TopicSubscription(\"sns-topic\", {\n topic: sns_topic.arn,\n protocol: \"sqs\",\n endpoint: sqs_queue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsns = config.get_object(\"sns\")\nif sns is None:\n sns = {\n \"account-id\": \"111111111111\",\n \"displayName\": \"example\",\n \"name\": \"example-sns-topic\",\n \"region\": \"us-west-1\",\n \"role-name\": \"service/service\",\n }\nsqs = config.get_object(\"sqs\")\nif sqs is None:\n sqs = {\n \"account-id\": \"222222222222\",\n \"name\": \"example-sqs-queue\",\n \"region\": \"us-east-1\",\n \"role-name\": \"service/service\",\n }\nsns_topic_policy = aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[\n {\n \"actions\": [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n \"conditions\": [{\n \"test\": \"StringEquals\",\n \"variable\": \"AWS:SourceOwner\",\n \"values\": [sns[\"account-id\"]],\n }],\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"AWS\",\n \"identifiers\": [\"*\"],\n }],\n \"resources\": [f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n \"sid\": \"__default_statement_ID\",\n },\n {\n \"actions\": [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n \"conditions\": [{\n \"test\": \"StringLike\",\n \"variable\": \"SNS:Endpoint\",\n \"values\": [f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n }],\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"AWS\",\n \"identifiers\": [\"*\"],\n }],\n \"resources\": [f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n \"sid\": \"__console_sub_0\",\n },\n ])\nsqs_queue_policy = aws.iam.get_policy_document(policy_id=f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}/SQSDefaultPolicy\",\n statements=[{\n \"sid\": \"example-sns-topic\",\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"AWS\",\n \"identifiers\": [\"*\"],\n }],\n \"actions\": [\"SQS:SendMessage\"],\n \"resources\": [f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n \"conditions\": [{\n \"test\": \"ArnEquals\",\n \"variable\": \"aws:SourceArn\",\n \"values\": [f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n }],\n }])\nsns_topic = aws.sns.Topic(\"sns-topic\",\n name=sns[\"name\"],\n display_name=sns[\"display_name\"],\n policy=sns_topic_policy.json)\nsqs_queue = aws.sqs.Queue(\"sqs-queue\",\n name=sqs[\"name\"],\n policy=sqs_queue_policy.json)\nsns_topic_topic_subscription = aws.sns.TopicSubscription(\"sns-topic\",\n topic=sns_topic.arn,\n protocol=\"sqs\",\n endpoint=sqs_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var sns = config.GetObject\u003cdynamic\u003e(\"sns\") ?? \n {\n { \"account-id\", \"111111111111\" },\n { \"displayName\", \"example\" },\n { \"name\", \"example-sns-topic\" },\n { \"region\", \"us-west-1\" },\n { \"role-name\", \"service/service\" },\n };\n var sqs = config.GetObject\u003cdynamic\u003e(\"sqs\") ?? \n {\n { \"account-id\", \"222222222222\" },\n { \"name\", \"example-sqs-queue\" },\n { \"region\", \"us-east-1\" },\n { \"role-name\", \"service/service\" },\n };\n var sns_topic_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = new[]\n {\n sns.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__default_statement_ID\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"SNS:Endpoint\",\n Values = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__console_sub_0\",\n },\n },\n });\n\n var sqs_queue_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}/SQSDefaultPolicy\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"example-sns-topic\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"SQS:SendMessage\",\n },\n Resources = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n },\n },\n },\n },\n });\n\n var sns_topic = new Aws.Sns.Topic(\"sns-topic\", new()\n {\n Name = sns.Name,\n DisplayName = sns.Display_name,\n Policy = sns_topic_policy.Apply(sns_topic_policy =\u003e sns_topic_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var sqs_queue = new Aws.Sqs.Queue(\"sqs-queue\", new()\n {\n Name = sqs.Name,\n Policy = sqs_queue_policy.Apply(sqs_queue_policy =\u003e sqs_queue_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var sns_topicTopicSubscription = new Aws.Sns.TopicSubscription(\"sns-topic\", new()\n {\n Topic = sns_topic.Arn,\n Protocol = \"sqs\",\n Endpoint = sqs_queue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nsns := map[string]interface{}{\n\"account-id\": \"111111111111\",\n\"displayName\": \"example\",\n\"name\": \"example-sns-topic\",\n\"region\": \"us-west-1\",\n\"role-name\": \"service/service\",\n};\nif param := cfg.GetObject(\"sns\"); param != nil {\nsns = param\n}\nsqs := map[string]interface{}{\n\"account-id\": \"222222222222\",\n\"name\": \"example-sqs-queue\",\n\"region\": \"us-east-1\",\n\"role-name\": \"service/service\",\n};\nif param := cfg.GetObject(\"sqs\"); param != nil {\nsqs = param\n}\nsns_topic_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(\"__default_policy_ID\"),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:SetTopicAttributes\",\n\"SNS:RemovePermission\",\n\"SNS:Publish\",\n\"SNS:ListSubscriptionsByTopic\",\n\"SNS:GetTopicAttributes\",\n\"SNS:DeleteTopic\",\n\"SNS:AddPermission\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"AWS:SourceOwner\",\nValues: interface{}{\nsns.AccountId,\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__default_statement_ID\"),\n},\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:Receive\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringLike\",\nVariable: \"SNS:Endpoint\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__console_sub_0\"),\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsqs_queue_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(fmt.Sprintf(\"arn:aws:sqs:%v:%v:%v/SQSDefaultPolicy\", sqs.Region, sqs.AccountId, sqs.Name)),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"example-sns-topic\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"SQS:SendMessage\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"ArnEquals\",\nVariable: \"aws:SourceArn\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopic(ctx, \"sns-topic\", \u0026sns.TopicArgs{\nName: pulumi.Any(sns.Name),\nDisplayName: pulumi.Any(sns.Display_name),\nPolicy: pulumi.String(sns_topic_policy.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = sqs.NewQueue(ctx, \"sqs-queue\", \u0026sqs.QueueArgs{\nName: pulumi.Any(sqs.Name),\nPolicy: pulumi.String(sqs_queue_policy.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopicSubscription(ctx, \"sns-topic\", \u0026sns.TopicSubscriptionArgs{\nTopic: sns_topic.Arn,\nProtocol: pulumi.String(\"sqs\"),\nEndpoint: sqs_queue.Arn,\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var sns = config.get(\"sns\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sqs = config.get(\"sqs\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sns-topic-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"AWS:SourceOwner\")\n .values(sns.account-id())\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__default_statement_ID\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:Receive\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"SNS:Endpoint\")\n .values(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__console_sub_0\")\n .build())\n .build());\n\n final var sqs-queue-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(String.format(\"arn:aws:sqs:%s:%s:%s/SQSDefaultPolicy\", sqs.region(),sqs.account-id(),sqs.name()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"example-sns-topic\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .actions(\"SQS:SendMessage\")\n .resources(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .build())\n .build())\n .build());\n\n var sns_topic = new Topic(\"sns-topic\", TopicArgs.builder()\n .name(sns.name())\n .displayName(sns.display_name())\n .policy(sns_topic_policy.json())\n .build());\n\n var sqs_queue = new Queue(\"sqs-queue\", QueueArgs.builder()\n .name(sqs.name())\n .policy(sqs_queue_policy.json())\n .build());\n\n var sns_topicTopicSubscription = new TopicSubscription(\"sns-topicTopicSubscription\", TopicSubscriptionArgs.builder()\n .topic(sns_topic.arn())\n .protocol(\"sqs\")\n .endpoint(sqs_queue.arn())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n sns:\n type: dynamic\n default:\n account-id: '111111111111'\n displayName: example\n name: example-sns-topic\n region: us-west-1\n role-name: service/service\n sqs:\n type: dynamic\n default:\n account-id: '222222222222'\n name: example-sqs-queue\n region: us-east-1\n role-name: service/service\nresources:\n sns-topic:\n type: aws:sns:Topic\n properties:\n name: ${sns.name}\n displayName: ${sns.display_name}\n policy: ${[\"sns-topic-policy\"].json}\n sqs-queue:\n type: aws:sqs:Queue\n properties:\n name: ${sqs.name}\n policy: ${[\"sqs-queue-policy\"].json}\n sns-topicTopicSubscription:\n type: aws:sns:TopicSubscription\n name: sns-topic\n properties:\n topic: ${[\"sns-topic\"].arn}\n protocol: sqs\n endpoint: ${[\"sqs-queue\"].arn}\nvariables:\n sns-topic-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Subscribe\n - SNS:SetTopicAttributes\n - SNS:RemovePermission\n - SNS:Publish\n - SNS:ListSubscriptionsByTopic\n - SNS:GetTopicAttributes\n - SNS:DeleteTopic\n - SNS:AddPermission\n conditions:\n - test: StringEquals\n variable: AWS:SourceOwner\n values:\n - ${sns\"account-id\"[%!s(MISSING)]}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __default_statement_ID\n - actions:\n - SNS:Subscribe\n - SNS:Receive\n conditions:\n - test: StringLike\n variable: SNS:Endpoint\n values:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __console_sub_0\n sqs-queue-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n policyId: arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}/SQSDefaultPolicy\n statements:\n - sid: example-sns-topic\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n actions:\n - SQS:SendMessage\n resources:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SNS Topic Subscriptions using the subscription `arn`. For example:\n\n```sh\n$ pulumi import aws:sns/topicSubscription:TopicSubscription user_updates_sqs_target arn:aws:sns:us-west-2:123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f\n```\n", + "description": "Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. This resource allows you to automatically place messages sent to SNS topics in SQS queues, send them as HTTP(S) POST requests to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for provider users will probably be SQS queues.\n\n\u003e **NOTE:** If the SNS topic and SQS queue are in different AWS regions, the `aws.sns.TopicSubscription` must use an AWS provider that is in the same region as the SNS topic. If the `aws.sns.TopicSubscription` uses a provider with a different region than the SNS topic, this provider will fail to create the subscription.\n\n\u003e **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires the provider to have access to BOTH accounts.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts but the same region, the `aws.sns.TopicSubscription` must use the AWS provider for the account with the SQS queue. If `aws.sns.TopicSubscription` uses a Provider with a different account than the SQS queue, this provider creates the subscription but does not keep state and tries to re-create the subscription at every `apply`.\n\n\u003e **NOTE:** If an SNS topic and SQS queue are in different AWS accounts and different AWS regions, the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic.\n\n\u003e **NOTE:** You cannot unsubscribe to a subscription that is pending confirmation. If you use `email`, `email-json`, or `http`/`https` (without auto-confirmation enabled), until the subscription is confirmed (e.g., outside of this provider), AWS does not allow this provider to delete / unsubscribe the subscription. If you `destroy` an unconfirmed subscription, this provider will remove the subscription from its state but the subscription will still exist in AWS. However, if you delete an SNS topic, SNS [deletes all the subscriptions](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html) associated with the topic. Also, you can import a subscription after confirmation and then have the capability to delete it.\n\n## Example Usage\n\nYou can directly supply a topic and ARN by hand in the `topic_arn` property along with the queue ARN:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"user_updates_sqs_target\", {\n topic: \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n protocol: \"sqs\",\n endpoint: \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"user_updates_sqs_target\",\n topic=\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n protocol=\"sqs\",\n endpoint=\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"user_updates_sqs_target\", new()\n {\n Topic = \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n Protocol = \"sqs\",\n Endpoint = \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopicSubscription(ctx, \"user_updates_sqs_target\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: pulumi.Any(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\"),\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: pulumi.String(\"arn:aws:sqs:us-west-2:432981146916:queue-too\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder()\n .topic(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n .protocol(\"sqs\")\n .endpoint(\"arn:aws:sqs:us-west-2:432981146916:queue-too\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n name: user_updates_sqs_target\n properties:\n topic: arn:aws:sns:us-west-2:432981146916:user-updates-topic\n protocol: sqs\n endpoint: arn:aws:sqs:us-west-2:432981146916:queue-too\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nAlternatively you can use the ARN properties of a managed SNS topic and SQS queue:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"user_updates\", {name: \"user-updates-topic\"});\nconst userUpdatesQueue = new aws.sqs.Queue(\"user_updates_queue\", {name: \"user-updates-queue\"});\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"user_updates_sqs_target\", {\n topic: userUpdates.arn,\n protocol: \"sqs\",\n endpoint: userUpdatesQueue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"user_updates\", name=\"user-updates-topic\")\nuser_updates_queue = aws.sqs.Queue(\"user_updates_queue\", name=\"user-updates-queue\")\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"user_updates_sqs_target\",\n topic=user_updates.arn,\n protocol=\"sqs\",\n endpoint=user_updates_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var userUpdates = new Aws.Sns.Topic(\"user_updates\", new()\n {\n Name = \"user-updates-topic\",\n });\n\n var userUpdatesQueue = new Aws.Sqs.Queue(\"user_updates_queue\", new()\n {\n Name = \"user-updates-queue\",\n });\n\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"user_updates_sqs_target\", new()\n {\n Topic = userUpdates.Arn,\n Protocol = \"sqs\",\n Endpoint = userUpdatesQueue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuserUpdates, err := sns.NewTopic(ctx, \"user_updates\", \u0026sns.TopicArgs{\n\t\t\tName: pulumi.String(\"user-updates-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserUpdatesQueue, err := sqs.NewQueue(ctx, \"user_updates_queue\", \u0026sqs.QueueArgs{\n\t\t\tName: pulumi.String(\"user-updates-queue\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"user_updates_sqs_target\", \u0026sns.TopicSubscriptionArgs{\n\t\t\tTopic: userUpdates.Arn,\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: userUpdatesQueue.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var userUpdates = new Topic(\"userUpdates\", TopicArgs.builder()\n .name(\"user-updates-topic\")\n .build());\n\n var userUpdatesQueue = new Queue(\"userUpdatesQueue\", QueueArgs.builder()\n .name(\"user-updates-queue\")\n .build());\n\n var userUpdatesSqsTarget = new TopicSubscription(\"userUpdatesSqsTarget\", TopicSubscriptionArgs.builder()\n .topic(userUpdates.arn())\n .protocol(\"sqs\")\n .endpoint(userUpdatesQueue.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n userUpdates:\n type: aws:sns:Topic\n name: user_updates\n properties:\n name: user-updates-topic\n userUpdatesQueue:\n type: aws:sqs:Queue\n name: user_updates_queue\n properties:\n name: user-updates-queue\n userUpdatesSqsTarget:\n type: aws:sns:TopicSubscription\n name: user_updates_sqs_target\n properties:\n topic: ${userUpdates.arn}\n protocol: sqs\n endpoint: ${userUpdatesQueue.arn}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nYou can subscribe SNS topics to SQS queues in different Amazon accounts and regions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst sns = config.getObject(\"sns\") || {\n \"account-id\": \"111111111111\",\n displayName: \"example\",\n name: \"example-sns-topic\",\n region: \"us-west-1\",\n \"role-name\": \"service/service\",\n};\nconst sqs = config.getObject(\"sqs\") || {\n \"account-id\": \"222222222222\",\n name: \"example-sqs-queue\",\n region: \"us-east-1\",\n \"role-name\": \"service/service\",\n};\nconst sns_topic_policy = aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [sns[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__default_statement_ID\",\n },\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions: [{\n test: \"StringLike\",\n variable: \"SNS:Endpoint\",\n values: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__console_sub_0\",\n },\n ],\n});\nconst sqs_queue_policy = aws.iam.getPolicyDocument({\n policyId: `arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}/SQSDefaultPolicy`,\n statements: [{\n sid: \"example-sns-topic\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n actions: [\"SQS:SendMessage\"],\n resources: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n }],\n }],\n});\nconst sns_topic = new aws.sns.Topic(\"sns-topic\", {\n name: sns.name,\n displayName: sns.display_name,\n policy: sns_topic_policy.then(sns_topic_policy =\u003e sns_topic_policy.json),\n});\nconst sqs_queue = new aws.sqs.Queue(\"sqs-queue\", {\n name: sqs.name,\n policy: sqs_queue_policy.then(sqs_queue_policy =\u003e sqs_queue_policy.json),\n});\nconst sns_topicTopicSubscription = new aws.sns.TopicSubscription(\"sns-topic\", {\n topic: sns_topic.arn,\n protocol: \"sqs\",\n endpoint: sqs_queue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsns = config.get_object(\"sns\")\nif sns is None:\n sns = {\n \"account-id\": \"111111111111\",\n \"displayName\": \"example\",\n \"name\": \"example-sns-topic\",\n \"region\": \"us-west-1\",\n \"role-name\": \"service/service\",\n }\nsqs = config.get_object(\"sqs\")\nif sqs is None:\n sqs = {\n \"account-id\": \"222222222222\",\n \"name\": \"example-sqs-queue\",\n \"region\": \"us-east-1\",\n \"role-name\": \"service/service\",\n }\nsns_topic_policy = aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[\n {\n \"actions\": [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n \"conditions\": [{\n \"test\": \"StringEquals\",\n \"variable\": \"AWS:SourceOwner\",\n \"values\": [sns[\"account-id\"]],\n }],\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"AWS\",\n \"identifiers\": [\"*\"],\n }],\n \"resources\": [f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n \"sid\": \"__default_statement_ID\",\n },\n {\n \"actions\": [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n \"conditions\": [{\n \"test\": \"StringLike\",\n \"variable\": \"SNS:Endpoint\",\n \"values\": [f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n }],\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"AWS\",\n \"identifiers\": [\"*\"],\n }],\n \"resources\": [f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n \"sid\": \"__console_sub_0\",\n },\n ])\nsqs_queue_policy = aws.iam.get_policy_document(policy_id=f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}/SQSDefaultPolicy\",\n statements=[{\n \"sid\": \"example-sns-topic\",\n \"effect\": \"Allow\",\n \"principals\": [{\n \"type\": \"AWS\",\n \"identifiers\": [\"*\"],\n }],\n \"actions\": [\"SQS:SendMessage\"],\n \"resources\": [f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n \"conditions\": [{\n \"test\": \"ArnEquals\",\n \"variable\": \"aws:SourceArn\",\n \"values\": [f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n }],\n }])\nsns_topic = aws.sns.Topic(\"sns-topic\",\n name=sns[\"name\"],\n display_name=sns[\"display_name\"],\n policy=sns_topic_policy.json)\nsqs_queue = aws.sqs.Queue(\"sqs-queue\",\n name=sqs[\"name\"],\n policy=sqs_queue_policy.json)\nsns_topic_topic_subscription = aws.sns.TopicSubscription(\"sns-topic\",\n topic=sns_topic.arn,\n protocol=\"sqs\",\n endpoint=sqs_queue.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var sns = config.GetObject\u003cdynamic\u003e(\"sns\") ?? \n {\n { \"account-id\", \"111111111111\" },\n { \"displayName\", \"example\" },\n { \"name\", \"example-sns-topic\" },\n { \"region\", \"us-west-1\" },\n { \"role-name\", \"service/service\" },\n };\n var sqs = config.GetObject\u003cdynamic\u003e(\"sqs\") ?? \n {\n { \"account-id\", \"222222222222\" },\n { \"name\", \"example-sqs-queue\" },\n { \"region\", \"us-east-1\" },\n { \"role-name\", \"service/service\" },\n };\n var sns_topic_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = \"__default_policy_ID\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = new[]\n {\n sns.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__default_statement_ID\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"StringLike\",\n Variable = \"SNS:Endpoint\",\n Values = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n },\n },\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Resources = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__console_sub_0\",\n },\n },\n });\n\n var sqs_queue_policy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n PolicyId = $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}/SQSDefaultPolicy\",\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Sid = \"example-sns-topic\",\n Effect = \"Allow\",\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"AWS\",\n Identifiers = new[]\n {\n \"*\",\n },\n },\n },\n Actions = new[]\n {\n \"SQS:SendMessage\",\n },\n Resources = new[]\n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n Conditions = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = new[]\n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n },\n },\n },\n },\n });\n\n var sns_topic = new Aws.Sns.Topic(\"sns-topic\", new()\n {\n Name = sns.Name,\n DisplayName = sns.Display_name,\n Policy = sns_topic_policy.Apply(sns_topic_policy =\u003e sns_topic_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var sqs_queue = new Aws.Sqs.Queue(\"sqs-queue\", new()\n {\n Name = sqs.Name,\n Policy = sqs_queue_policy.Apply(sqs_queue_policy =\u003e sqs_queue_policy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json)),\n });\n\n var sns_topicTopicSubscription = new Aws.Sns.TopicSubscription(\"sns-topic\", new()\n {\n Topic = sns_topic.Arn,\n Protocol = \"sqs\",\n Endpoint = sqs_queue.Arn,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nsns := map[string]interface{}{\n\"account-id\": \"111111111111\",\n\"displayName\": \"example\",\n\"name\": \"example-sns-topic\",\n\"region\": \"us-west-1\",\n\"role-name\": \"service/service\",\n};\nif param := cfg.GetObject(\"sns\"); param != nil {\nsns = param\n}\nsqs := map[string]interface{}{\n\"account-id\": \"222222222222\",\n\"name\": \"example-sqs-queue\",\n\"region\": \"us-east-1\",\n\"role-name\": \"service/service\",\n};\nif param := cfg.GetObject(\"sqs\"); param != nil {\nsqs = param\n}\nsns_topic_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(\"__default_policy_ID\"),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:SetTopicAttributes\",\n\"SNS:RemovePermission\",\n\"SNS:Publish\",\n\"SNS:ListSubscriptionsByTopic\",\n\"SNS:GetTopicAttributes\",\n\"SNS:DeleteTopic\",\n\"SNS:AddPermission\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringEquals\",\nVariable: \"AWS:SourceOwner\",\nValues: interface{}{\nsns.AccountId,\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__default_statement_ID\"),\n},\n{\nActions: []string{\n\"SNS:Subscribe\",\n\"SNS:Receive\",\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"StringLike\",\nVariable: \"SNS:Endpoint\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\n},\n},\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\nSid: pulumi.StringRef(\"__console_sub_0\"),\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nsqs_queue_policy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\nPolicyId: pulumi.StringRef(fmt.Sprintf(\"arn:aws:sqs:%v:%v:%v/SQSDefaultPolicy\", sqs.Region, sqs.AccountId, sqs.Name)),\nStatements: []iam.GetPolicyDocumentStatement{\n{\nSid: pulumi.StringRef(\"example-sns-topic\"),\nEffect: pulumi.StringRef(\"Allow\"),\nPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n{\nType: \"AWS\",\nIdentifiers: []string{\n\"*\",\n},\n},\n},\nActions: []string{\n\"SQS:SendMessage\",\n},\nResources: []string{\nfmt.Sprintf(\"arn:aws:sqs:%v:%v:%v\", sqs.Region, sqs.AccountId, sqs.Name),\n},\nConditions: []iam.GetPolicyDocumentStatementCondition{\n{\nTest: \"ArnEquals\",\nVariable: \"aws:SourceArn\",\nValues: []string{\nfmt.Sprintf(\"arn:aws:sns:%v:%v:%v\", sns.Region, sns.AccountId, sns.Name),\n},\n},\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopic(ctx, \"sns-topic\", \u0026sns.TopicArgs{\nName: pulumi.Any(sns.Name),\nDisplayName: pulumi.Any(sns.Display_name),\nPolicy: pulumi.String(sns_topic_policy.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = sqs.NewQueue(ctx, \"sqs-queue\", \u0026sqs.QueueArgs{\nName: pulumi.Any(sqs.Name),\nPolicy: pulumi.String(sqs_queue_policy.Json),\n})\nif err != nil {\nreturn err\n}\n_, err = sns.NewTopicSubscription(ctx, \"sns-topic\", \u0026sns.TopicSubscriptionArgs{\nTopic: sns_topic.Arn,\nProtocol: pulumi.String(\"sqs\"),\nEndpoint: sqs_queue.Arn,\n})\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.sns.Topic;\nimport com.pulumi.aws.sns.TopicArgs;\nimport com.pulumi.aws.sqs.Queue;\nimport com.pulumi.aws.sqs.QueueArgs;\nimport com.pulumi.aws.sns.TopicSubscription;\nimport com.pulumi.aws.sns.TopicSubscriptionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var sns = config.get(\"sns\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sqs = config.get(\"sqs\").orElse(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference));\n final var sns-topic-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(\"__default_policy_ID\")\n .statements( \n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringEquals\")\n .variable(\"AWS:SourceOwner\")\n .values(sns.account-id())\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__default_statement_ID\")\n .build(),\n GetPolicyDocumentStatementArgs.builder()\n .actions( \n \"SNS:Subscribe\",\n \"SNS:Receive\")\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"StringLike\")\n .variable(\"SNS:Endpoint\")\n .values(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .build())\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .resources(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .sid(\"__console_sub_0\")\n .build())\n .build());\n\n final var sqs-queue-policy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .policyId(String.format(\"arn:aws:sqs:%s:%s:%s/SQSDefaultPolicy\", sqs.region(),sqs.account-id(),sqs.name()))\n .statements(GetPolicyDocumentStatementArgs.builder()\n .sid(\"example-sns-topic\")\n .effect(\"Allow\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"AWS\")\n .identifiers(\"*\")\n .build())\n .actions(\"SQS:SendMessage\")\n .resources(String.format(\"arn:aws:sqs:%s:%s:%s\", sqs.region(),sqs.account-id(),sqs.name()))\n .conditions(GetPolicyDocumentStatementConditionArgs.builder()\n .test(\"ArnEquals\")\n .variable(\"aws:SourceArn\")\n .values(String.format(\"arn:aws:sns:%s:%s:%s\", sns.region(),sns.account-id(),sns.name()))\n .build())\n .build())\n .build());\n\n var sns_topic = new Topic(\"sns-topic\", TopicArgs.builder()\n .name(sns.name())\n .displayName(sns.display_name())\n .policy(sns_topic_policy.json())\n .build());\n\n var sqs_queue = new Queue(\"sqs-queue\", QueueArgs.builder()\n .name(sqs.name())\n .policy(sqs_queue_policy.json())\n .build());\n\n var sns_topicTopicSubscription = new TopicSubscription(\"sns-topicTopicSubscription\", TopicSubscriptionArgs.builder()\n .topic(sns_topic.arn())\n .protocol(\"sqs\")\n .endpoint(sqs_queue.arn())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n sns:\n type: dynamic\n default:\n account-id: '111111111111'\n displayName: example\n name: example-sns-topic\n region: us-west-1\n role-name: service/service\n sqs:\n type: dynamic\n default:\n account-id: '222222222222'\n name: example-sqs-queue\n region: us-east-1\n role-name: service/service\nresources:\n sns-topic:\n type: aws:sns:Topic\n properties:\n name: ${sns.name}\n displayName: ${sns.display_name}\n policy: ${[\"sns-topic-policy\"].json}\n sqs-queue:\n type: aws:sqs:Queue\n properties:\n name: ${sqs.name}\n policy: ${[\"sqs-queue-policy\"].json}\n sns-topicTopicSubscription:\n type: aws:sns:TopicSubscription\n name: sns-topic\n properties:\n topic: ${[\"sns-topic\"].arn}\n protocol: sqs\n endpoint: ${[\"sqs-queue\"].arn}\nvariables:\n sns-topic-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n policyId: __default_policy_ID\n statements:\n - actions:\n - SNS:Subscribe\n - SNS:SetTopicAttributes\n - SNS:RemovePermission\n - SNS:Publish\n - SNS:ListSubscriptionsByTopic\n - SNS:GetTopicAttributes\n - SNS:DeleteTopic\n - SNS:AddPermission\n conditions:\n - test: StringEquals\n variable: AWS:SourceOwner\n values:\n - ${sns\"account-id\"[%!s(MISSING)]}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __default_statement_ID\n - actions:\n - SNS:Subscribe\n - SNS:Receive\n conditions:\n - test: StringLike\n variable: SNS:Endpoint\n values:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n resources:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n sid: __console_sub_0\n sqs-queue-policy:\n fn::invoke:\n function: aws:iam:getPolicyDocument\n arguments:\n policyId: arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}/SQSDefaultPolicy\n statements:\n - sid: example-sns-topic\n effect: Allow\n principals:\n - type: AWS\n identifiers:\n - '*'\n actions:\n - SQS:SendMessage\n resources:\n - arn:aws:sqs:${sqs.region}:${sqs\"account-id\"[%!s(MISSING)]}:${sqs.name}\n conditions:\n - test: ArnEquals\n variable: aws:SourceArn\n values:\n - arn:aws:sns:${sns.region}:${sns\"account-id\"[%!s(MISSING)]}:${sns.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import SNS Topic Subscriptions using the subscription `arn`. For example:\n\n```sh\n$ pulumi import aws:sns/topicSubscription:TopicSubscription user_updates_sqs_target arn:aws:sns:us-west-2:123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f\n```\n", "properties": { "arn": { "type": "string", @@ -389249,7 +389249,7 @@ } }, "aws:batch/getComputeEnvironment:getComputeEnvironment": { - "description": "The Batch Compute Environment data source allows access to details of a specific\ncompute environment within AWS Batch.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst batch-mongo = aws.batch.getComputeEnvironment({\n computeEnvironmentName: \"batch-mongo-production\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbatch_mongo = aws.batch.get_compute_environment(compute_environment_name=\"batch-mongo-production\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var batch_mongo = Aws.Batch.GetComputeEnvironment.Invoke(new()\n {\n ComputeEnvironmentName = \"batch-mongo-production\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.LookupComputeEnvironment(ctx, \u0026batch.LookupComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: \"batch-mongo-production\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.BatchFunctions;\nimport com.pulumi.aws.batch.inputs.GetComputeEnvironmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var batch-mongo = BatchFunctions.getComputeEnvironment(GetComputeEnvironmentArgs.builder()\n .computeEnvironmentName(\"batch-mongo-production\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n batch-mongo:\n fn::invoke:\n function: aws:batch:getComputeEnvironment\n arguments:\n computeEnvironmentName: batch-mongo-production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The Batch Compute Environment data source allows access to details of a specific\ncompute environment within AWS Batch.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst batch_mongo = aws.batch.getComputeEnvironment({\n computeEnvironmentName: \"batch-mongo-production\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbatch_mongo = aws.batch.get_compute_environment(compute_environment_name=\"batch-mongo-production\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var batch_mongo = Aws.Batch.GetComputeEnvironment.Invoke(new()\n {\n ComputeEnvironmentName = \"batch-mongo-production\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.LookupComputeEnvironment(ctx, \u0026batch.LookupComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: \"batch-mongo-production\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.BatchFunctions;\nimport com.pulumi.aws.batch.inputs.GetComputeEnvironmentArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var batch-mongo = BatchFunctions.getComputeEnvironment(GetComputeEnvironmentArgs.builder()\n .computeEnvironmentName(\"batch-mongo-production\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n batch-mongo:\n fn::invoke:\n function: aws:batch:getComputeEnvironment\n arguments:\n computeEnvironmentName: batch-mongo-production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getComputeEnvironment.\n", "properties": { @@ -389449,7 +389449,7 @@ } }, "aws:batch/getJobQueue:getJobQueue": { - "description": "The Batch Job Queue data source allows access to details of a specific\njob queue within AWS Batch.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test-queue = aws.batch.getJobQueue({\n name: \"tf-test-batch-job-queue\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_queue = aws.batch.get_job_queue(name=\"tf-test-batch-job-queue\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test_queue = Aws.Batch.GetJobQueue.Invoke(new()\n {\n Name = \"tf-test-batch-job-queue\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.LookupJobQueue(ctx, \u0026batch.LookupJobQueueArgs{\n\t\t\tName: \"tf-test-batch-job-queue\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.BatchFunctions;\nimport com.pulumi.aws.batch.inputs.GetJobQueueArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test-queue = BatchFunctions.getJobQueue(GetJobQueueArgs.builder()\n .name(\"tf-test-batch-job-queue\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test-queue:\n fn::invoke:\n function: aws:batch:getJobQueue\n arguments:\n name: tf-test-batch-job-queue\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The Batch Job Queue data source allows access to details of a specific\njob queue within AWS Batch.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test_queue = aws.batch.getJobQueue({\n name: \"tf-test-batch-job-queue\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_queue = aws.batch.get_job_queue(name=\"tf-test-batch-job-queue\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test_queue = Aws.Batch.GetJobQueue.Invoke(new()\n {\n Name = \"tf-test-batch-job-queue\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.LookupJobQueue(ctx, \u0026batch.LookupJobQueueArgs{\n\t\t\tName: \"tf-test-batch-job-queue\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.batch.BatchFunctions;\nimport com.pulumi.aws.batch.inputs.GetJobQueueArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test-queue = BatchFunctions.getJobQueue(GetJobQueueArgs.builder()\n .name(\"tf-test-batch-job-queue\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test-queue:\n fn::invoke:\n function: aws:batch:getJobQueue\n arguments:\n name: tf-test-batch-job-queue\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getJobQueue.\n", "properties": { @@ -394271,7 +394271,7 @@ } }, "aws:controltower/getControls:getControls": { - "description": "List of Control Tower controls applied to an OU.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst this = aws.organizations.getOrganization({});\nconst thisGetOrganizationalUnits = _this.then(_this =\u003e aws.organizations.getOrganizationalUnits({\n parentId: _this.roots?.[0]?.id,\n}));\nconst thisGetControls = thisGetOrganizationalUnits.then(thisGetOrganizationalUnits =\u003e aws.controltower.getControls({\n targetIdentifier: .filter(x =\u003e x.name == \"Security\").map(x =\u003e (x.arn))[0],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis = aws.organizations.get_organization()\nthis_get_organizational_units = aws.organizations.get_organizational_units(parent_id=this.roots[0].id)\nthis_get_controls = aws.controltower.get_controls(target_identifier=[x.arn for x in this_get_organizational_units.children if x.name == \"Security\"][0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = Aws.Organizations.GetOrganization.Invoke();\n\n var thisGetOrganizationalUnits = Aws.Organizations.GetOrganizationalUnits.Invoke(new()\n {\n ParentId = @this.Apply(getOrganizationResult =\u003e getOrganizationResult.Roots[0]?.Id),\n });\n\n var thisGetControls = Aws.ControlTower.GetControls.Invoke(new()\n {\n TargetIdentifier = [0],\n });\n\n});\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "List of Control Tower controls applied to an OU.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _this = aws.organizations.getOrganization({});\nconst thisGetOrganizationalUnits = _this.then(_this =\u003e aws.organizations.getOrganizationalUnits({\n parentId: _this.roots?.[0]?.id,\n}));\nconst thisGetControls = thisGetOrganizationalUnits.then(thisGetOrganizationalUnits =\u003e aws.controltower.getControls({\n targetIdentifier: .filter(x =\u003e x.name == \"Security\").map(x =\u003e (x.arn))[0],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis = aws.organizations.get_organization()\nthis_get_organizational_units = aws.organizations.get_organizational_units(parent_id=this.roots[0].id)\nthis_get_controls = aws.controltower.get_controls(target_identifier=[x.arn for x in this_get_organizational_units.children if x.name == \"Security\"][0])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = Aws.Organizations.GetOrganization.Invoke();\n\n var thisGetOrganizationalUnits = Aws.Organizations.GetOrganizationalUnits.Invoke(new()\n {\n ParentId = @this.Apply(getOrganizationResult =\u003e getOrganizationResult.Roots[0]?.Id),\n });\n\n var thisGetControls = Aws.ControlTower.GetControls.Invoke(new()\n {\n TargetIdentifier = [0],\n });\n\n});\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getControls.\n", "properties": { @@ -398538,7 +398538,7 @@ } }, "aws:ec2/getInternetGateway:getInternetGateway": { - "description": "`aws.ec2.InternetGateway` provides details about a specific Internet Gateway.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpcId = config.requireObject(\"vpcId\");\nconst default = aws.ec2.getInternetGateway({\n filters: [{\n name: \"attachment.vpc-id\",\n values: [vpcId],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc_id = config.require_object(\"vpcId\")\ndefault = aws.ec2.get_internet_gateway(filters=[{\n \"name\": \"attachment.vpc-id\",\n \"values\": [vpc_id],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpcId = config.RequireObject\u003cdynamic\u003e(\"vpcId\");\n var @default = Aws.Ec2.GetInternetGateway.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetInternetGatewayFilterInputArgs\n {\n Name = \"attachment.vpc-id\",\n Values = new[]\n {\n vpcId,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpcId := cfg.RequireObject(\"vpcId\")\n_, err := ec2.LookupInternetGateway(ctx, \u0026ec2.LookupInternetGatewayArgs{\nFilters: []ec2.GetInternetGatewayFilter{\n{\nName: \"attachment.vpc-id\",\nValues: interface{}{\nvpcId,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetInternetGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpcId = config.get(\"vpcId\");\n final var default = Ec2Functions.getInternetGateway(GetInternetGatewayArgs.builder()\n .filters(GetInternetGatewayFilterArgs.builder()\n .name(\"attachment.vpc-id\")\n .values(vpcId)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpcId:\n type: dynamic\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getInternetGateway\n arguments:\n filters:\n - name: attachment.vpc-id\n values:\n - ${vpcId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.ec2.InternetGateway` provides details about a specific Internet Gateway.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst vpcId = config.requireObject(\"vpcId\");\nconst _default = aws.ec2.getInternetGateway({\n filters: [{\n name: \"attachment.vpc-id\",\n values: [vpcId],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nvpc_id = config.require_object(\"vpcId\")\ndefault = aws.ec2.get_internet_gateway(filters=[{\n \"name\": \"attachment.vpc-id\",\n \"values\": [vpc_id],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var vpcId = config.RequireObject\u003cdynamic\u003e(\"vpcId\");\n var @default = Aws.Ec2.GetInternetGateway.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetInternetGatewayFilterInputArgs\n {\n Name = \"attachment.vpc-id\",\n Values = new[]\n {\n vpcId,\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\nfunc main() {\npulumi.Run(func(ctx *pulumi.Context) error {\ncfg := config.New(ctx, \"\")\nvpcId := cfg.RequireObject(\"vpcId\")\n_, err := ec2.LookupInternetGateway(ctx, \u0026ec2.LookupInternetGatewayArgs{\nFilters: []ec2.GetInternetGatewayFilter{\n{\nName: \"attachment.vpc-id\",\nValues: interface{}{\nvpcId,\n},\n},\n},\n}, nil);\nif err != nil {\nreturn err\n}\nreturn nil\n})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetInternetGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var vpcId = config.get(\"vpcId\");\n final var default = Ec2Functions.getInternetGateway(GetInternetGatewayArgs.builder()\n .filters(GetInternetGatewayFilterArgs.builder()\n .name(\"attachment.vpc-id\")\n .values(vpcId)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n vpcId:\n type: dynamic\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getInternetGateway\n arguments:\n filters:\n - name: attachment.vpc-id\n values:\n - ${vpcId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getInternetGateway.\n", "properties": { @@ -398895,7 +398895,7 @@ } }, "aws:ec2/getLaunchTemplate:getLaunchTemplate": { - "description": "Provides information about a Launch Template.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst default = aws.ec2.getLaunchTemplate({\n name: \"my-launch-template\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.get_launch_template(name=\"my-launch-template\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetLaunchTemplate.Invoke(new()\n {\n Name = \"my-launch-template\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupLaunchTemplate(ctx, \u0026ec2.LookupLaunchTemplateArgs{\n\t\t\tName: pulumi.StringRef(\"my-launch-template\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetLaunchTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getLaunchTemplate(GetLaunchTemplateArgs.builder()\n .name(\"my-launch-template\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getLaunchTemplate\n arguments:\n name: my-launch-template\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Filter\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getLaunchTemplate({\n filters: [{\n name: \"launch-template-name\",\n values: [\"some-template\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_launch_template(filters=[{\n \"name\": \"launch-template-name\",\n \"values\": [\"some-template\"],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetLaunchTemplate.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetLaunchTemplateFilterInputArgs\n {\n Name = \"launch-template-name\",\n Values = new[]\n {\n \"some-template\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupLaunchTemplate(ctx, \u0026ec2.LookupLaunchTemplateArgs{\n\t\t\tFilters: []ec2.GetLaunchTemplateFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"launch-template-name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"some-template\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetLaunchTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getLaunchTemplate(GetLaunchTemplateArgs.builder()\n .filters(GetLaunchTemplateFilterArgs.builder()\n .name(\"launch-template-name\")\n .values(\"some-template\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n function: aws:ec2:getLaunchTemplate\n arguments:\n filters:\n - name: launch-template-name\n values:\n - some-template\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides information about a Launch Template.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = aws.ec2.getLaunchTemplate({\n name: \"my-launch-template\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.get_launch_template(name=\"my-launch-template\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetLaunchTemplate.Invoke(new()\n {\n Name = \"my-launch-template\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupLaunchTemplate(ctx, \u0026ec2.LookupLaunchTemplateArgs{\n\t\t\tName: pulumi.StringRef(\"my-launch-template\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetLaunchTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getLaunchTemplate(GetLaunchTemplateArgs.builder()\n .name(\"my-launch-template\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getLaunchTemplate\n arguments:\n name: my-launch-template\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Filter\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ec2.getLaunchTemplate({\n filters: [{\n name: \"launch-template-name\",\n values: [\"some-template\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_launch_template(filters=[{\n \"name\": \"launch-template-name\",\n \"values\": [\"some-template\"],\n}])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var test = Aws.Ec2.GetLaunchTemplate.Invoke(new()\n {\n Filters = new[]\n {\n new Aws.Ec2.Inputs.GetLaunchTemplateFilterInputArgs\n {\n Name = \"launch-template-name\",\n Values = new[]\n {\n \"some-template\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupLaunchTemplate(ctx, \u0026ec2.LookupLaunchTemplateArgs{\n\t\t\tFilters: []ec2.GetLaunchTemplateFilter{\n\t\t\t\t{\n\t\t\t\t\tName: \"launch-template-name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"some-template\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetLaunchTemplateArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var test = Ec2Functions.getLaunchTemplate(GetLaunchTemplateArgs.builder()\n .filters(GetLaunchTemplateFilterArgs.builder()\n .name(\"launch-template-name\")\n .values(\"some-template\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n test:\n fn::invoke:\n function: aws:ec2:getLaunchTemplate\n arguments:\n filters:\n - name: launch-template-name\n values:\n - some-template\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getLaunchTemplate.\n", "properties": { @@ -399797,7 +399797,7 @@ } }, "aws:ec2/getNatGateway:getNatGateway": { - "description": "Provides details about a specific VPC NAT Gateway.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst default = aws.ec2.getNatGateway({\n subnetId: _public.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.get_nat_gateway(subnet_id=public[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetNatGateway.Invoke(new()\n {\n SubnetId = @public.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupNatGateway(ctx, \u0026ec2.LookupNatGatewayArgs{\n\t\t\tSubnetId: pulumi.StringRef(public.Id),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNatGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getNatGateway(GetNatGatewayArgs.builder()\n .subnetId(public_.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getNatGateway\n arguments:\n subnetId: ${public.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With tags\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst default = aws.ec2.getNatGateway({\n subnetId: _public.id,\n tags: {\n Name: \"gw NAT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.get_nat_gateway(subnet_id=public[\"id\"],\n tags={\n \"Name\": \"gw NAT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetNatGateway.Invoke(new()\n {\n SubnetId = @public.Id,\n Tags = \n {\n { \"Name\", \"gw NAT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupNatGateway(ctx, \u0026ec2.LookupNatGatewayArgs{\n\t\t\tSubnetId: pulumi.StringRef(public.Id),\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Name\": \"gw NAT\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNatGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getNatGateway(GetNatGatewayArgs.builder()\n .subnetId(public_.id())\n .tags(Map.of(\"Name\", \"gw NAT\"))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getNatGateway\n arguments:\n subnetId: ${public.id}\n tags:\n Name: gw NAT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Provides details about a specific VPC NAT Gateway.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = aws.ec2.getNatGateway({\n subnetId: _public.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.get_nat_gateway(subnet_id=public[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetNatGateway.Invoke(new()\n {\n SubnetId = @public.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupNatGateway(ctx, \u0026ec2.LookupNatGatewayArgs{\n\t\t\tSubnetId: pulumi.StringRef(public.Id),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNatGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getNatGateway(GetNatGatewayArgs.builder()\n .subnetId(public_.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getNatGateway\n arguments:\n subnetId: ${public.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### With tags\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = aws.ec2.getNatGateway({\n subnetId: _public.id,\n tags: {\n Name: \"gw NAT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.get_nat_gateway(subnet_id=public[\"id\"],\n tags={\n \"Name\": \"gw NAT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetNatGateway.Invoke(new()\n {\n SubnetId = @public.Id,\n Tags = \n {\n { \"Name\", \"gw NAT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupNatGateway(ctx, \u0026ec2.LookupNatGatewayArgs{\n\t\t\tSubnetId: pulumi.StringRef(public.Id),\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Name\": \"gw NAT\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetNatGatewayArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getNatGateway(GetNatGatewayArgs.builder()\n .subnetId(public_.id())\n .tags(Map.of(\"Name\", \"gw NAT\"))\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getNatGateway\n arguments:\n subnetId: ${public.id}\n tags:\n Name: gw NAT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getNatGateway.\n", "properties": { @@ -400686,7 +400686,7 @@ } }, "aws:ec2/getRoute:getRoute": { - "description": "`aws.ec2.Route` provides details about a specific Route.\n\nThis resource can prove useful when finding the resource associated with a CIDR. For example, finding the peering connection associated with a CIDR value.\n\n## Example Usage\n\nThe following example shows how one might use a CIDR value to find a network interface id and use this to create a data source of that network interface.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnetId = config.requireObject(\"subnetId\");\nconst selected = aws.ec2.getRouteTable({\n subnetId: subnetId,\n});\nconst route = aws.ec2.getRoute({\n routeTableId: selectedAwsRouteTable.id,\n destinationCidrBlock: \"10.0.1.0/24\",\n});\nconst interface = route.then(route =\u003e aws.ec2.getNetworkInterface({\n id: route.networkInterfaceId,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnet_id = config.require_object(\"subnetId\")\nselected = aws.ec2.get_route_table(subnet_id=subnet_id)\nroute = aws.ec2.get_route(route_table_id=selected_aws_route_table[\"id\"],\n destination_cidr_block=\"10.0.1.0/24\")\ninterface = aws.ec2.get_network_interface(id=route.network_interface_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnetId = config.RequireObject\u003cdynamic\u003e(\"subnetId\");\n var selected = Aws.Ec2.GetRouteTable.Invoke(new()\n {\n SubnetId = subnetId,\n });\n\n var route = Aws.Ec2.GetRoute.Invoke(new()\n {\n RouteTableId = selectedAwsRouteTable.Id,\n DestinationCidrBlock = \"10.0.1.0/24\",\n });\n\n var @interface = Aws.Ec2.GetNetworkInterface.Invoke(new()\n {\n Id = route.Apply(getRouteResult =\u003e getRouteResult.NetworkInterfaceId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\t_, err := ec2.LookupRouteTable(ctx, \u0026ec2.LookupRouteTableArgs{\n\t\t\tSubnetId: pulumi.StringRef(subnetId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\troute, err := ec2.LookupRoute(ctx, \u0026ec2.LookupRouteArgs{\n\t\t\tRouteTableId: selectedAwsRouteTable.Id,\n\t\t\tDestinationCidrBlock: pulumi.StringRef(\"10.0.1.0/24\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.LookupNetworkInterface(ctx, \u0026ec2.LookupNetworkInterfaceArgs{\n\t\t\tId: pulumi.StringRef(route.NetworkInterfaceId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetRouteTableArgs;\nimport com.pulumi.aws.ec2.inputs.GetRouteArgs;\nimport com.pulumi.aws.ec2.inputs.GetNetworkInterfaceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnetId = config.get(\"subnetId\");\n final var selected = Ec2Functions.getRouteTable(GetRouteTableArgs.builder()\n .subnetId(subnetId)\n .build());\n\n final var route = Ec2Functions.getRoute(GetRouteArgs.builder()\n .routeTableId(selectedAwsRouteTable.id())\n .destinationCidrBlock(\"10.0.1.0/24\")\n .build());\n\n final var interface = Ec2Functions.getNetworkInterface(GetNetworkInterfaceArgs.builder()\n .id(route.applyValue(getRouteResult -\u003e getRouteResult.networkInterfaceId()))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n subnetId:\n type: dynamic\nvariables:\n selected:\n fn::invoke:\n function: aws:ec2:getRouteTable\n arguments:\n subnetId: ${subnetId}\n route:\n fn::invoke:\n function: aws:ec2:getRoute\n arguments:\n routeTableId: ${selectedAwsRouteTable.id}\n destinationCidrBlock: 10.0.1.0/24\n interface:\n fn::invoke:\n function: aws:ec2:getNetworkInterface\n arguments:\n id: ${route.networkInterfaceId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "`aws.ec2.Route` provides details about a specific Route.\n\nThis resource can prove useful when finding the resource associated with a CIDR. For example, finding the peering connection associated with a CIDR value.\n\n## Example Usage\n\nThe following example shows how one might use a CIDR value to find a network interface id and use this to create a data source of that network interface.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnetId = config.requireObject(\"subnetId\");\nconst selected = aws.ec2.getRouteTable({\n subnetId: subnetId,\n});\nconst route = aws.ec2.getRoute({\n routeTableId: selectedAwsRouteTable.id,\n destinationCidrBlock: \"10.0.1.0/24\",\n});\nconst _interface = route.then(route =\u003e aws.ec2.getNetworkInterface({\n id: route.networkInterfaceId,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnet_id = config.require_object(\"subnetId\")\nselected = aws.ec2.get_route_table(subnet_id=subnet_id)\nroute = aws.ec2.get_route(route_table_id=selected_aws_route_table[\"id\"],\n destination_cidr_block=\"10.0.1.0/24\")\ninterface = aws.ec2.get_network_interface(id=route.network_interface_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var config = new Config();\n var subnetId = config.RequireObject\u003cdynamic\u003e(\"subnetId\");\n var selected = Aws.Ec2.GetRouteTable.Invoke(new()\n {\n SubnetId = subnetId,\n });\n\n var route = Aws.Ec2.GetRoute.Invoke(new()\n {\n RouteTableId = selectedAwsRouteTable.Id,\n DestinationCidrBlock = \"10.0.1.0/24\",\n });\n\n var @interface = Aws.Ec2.GetNetworkInterface.Invoke(new()\n {\n Id = route.Apply(getRouteResult =\u003e getRouteResult.NetworkInterfaceId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\t_, err := ec2.LookupRouteTable(ctx, \u0026ec2.LookupRouteTableArgs{\n\t\t\tSubnetId: pulumi.StringRef(subnetId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\troute, err := ec2.LookupRoute(ctx, \u0026ec2.LookupRouteArgs{\n\t\t\tRouteTableId: selectedAwsRouteTable.Id,\n\t\t\tDestinationCidrBlock: pulumi.StringRef(\"10.0.1.0/24\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.LookupNetworkInterface(ctx, \u0026ec2.LookupNetworkInterfaceArgs{\n\t\t\tId: pulumi.StringRef(route.NetworkInterfaceId),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport com.pulumi.aws.ec2.inputs.GetRouteTableArgs;\nimport com.pulumi.aws.ec2.inputs.GetRouteArgs;\nimport com.pulumi.aws.ec2.inputs.GetNetworkInterfaceArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var config = ctx.config();\n final var subnetId = config.get(\"subnetId\");\n final var selected = Ec2Functions.getRouteTable(GetRouteTableArgs.builder()\n .subnetId(subnetId)\n .build());\n\n final var route = Ec2Functions.getRoute(GetRouteArgs.builder()\n .routeTableId(selectedAwsRouteTable.id())\n .destinationCidrBlock(\"10.0.1.0/24\")\n .build());\n\n final var interface = Ec2Functions.getNetworkInterface(GetNetworkInterfaceArgs.builder()\n .id(route.applyValue(getRouteResult -\u003e getRouteResult.networkInterfaceId()))\n .build());\n\n }\n}\n```\n```yaml\nconfiguration:\n subnetId:\n type: dynamic\nvariables:\n selected:\n fn::invoke:\n function: aws:ec2:getRouteTable\n arguments:\n subnetId: ${subnetId}\n route:\n fn::invoke:\n function: aws:ec2:getRoute\n arguments:\n routeTableId: ${selectedAwsRouteTable.id}\n destinationCidrBlock: 10.0.1.0/24\n interface:\n fn::invoke:\n function: aws:ec2:getNetworkInterface\n arguments:\n id: ${route.networkInterfaceId}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getRoute.\n", "properties": { @@ -401169,7 +401169,7 @@ } }, "aws:ec2/getSpotDatafeedSubscription:getSpotDatafeedSubscription": { - "description": "\u003e There is only a single spot data feed subscription per account.\n\nData source for accessing an AWS EC2 (Elastic Compute Cloud) spot data feed subscription.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst default = aws.ec2.getSpotDatafeedSubscription({});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.get_spot_datafeed_subscription()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetSpotDatafeedSubscription.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupSpotDatafeedSubscription(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getSpotDatafeedSubscription();\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getSpotDatafeedSubscription\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "\u003e There is only a single spot data feed subscription per account.\n\nData source for accessing an AWS EC2 (Elastic Compute Cloud) spot data feed subscription.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = aws.ec2.getSpotDatafeedSubscription({});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.get_spot_datafeed_subscription()\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Ec2.GetSpotDatafeedSubscription.Invoke();\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupSpotDatafeedSubscription(ctx, map[string]interface{}{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ec2.Ec2Functions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = Ec2Functions.getSpotDatafeedSubscription();\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: aws:ec2:getSpotDatafeedSubscription\n arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "outputs": { "description": "A collection of values returned by getSpotDatafeedSubscription.\n", "properties": { @@ -404891,7 +404891,7 @@ } }, "aws:ecs/getCluster:getCluster": { - "description": "The ECS Cluster data source allows access to details of a specific\ncluster within an AWS ECS service.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecs-mongo = aws.ecs.getCluster({\n clusterName: \"ecs-mongo-production\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_mongo = aws.ecs.get_cluster(cluster_name=\"ecs-mongo-production\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ecs_mongo = Aws.Ecs.GetCluster.Invoke(new()\n {\n ClusterName = \"ecs-mongo-production\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.LookupCluster(ctx, \u0026ecs.LookupClusterArgs{\n\t\t\tClusterName: \"ecs-mongo-production\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.EcsFunctions;\nimport com.pulumi.aws.ecs.inputs.GetClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ecs-mongo = EcsFunctions.getCluster(GetClusterArgs.builder()\n .clusterName(\"ecs-mongo-production\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n ecs-mongo:\n fn::invoke:\n function: aws:ecs:getCluster\n arguments:\n clusterName: ecs-mongo-production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The ECS Cluster data source allows access to details of a specific\ncluster within an AWS ECS service.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecs_mongo = aws.ecs.getCluster({\n clusterName: \"ecs-mongo-production\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_mongo = aws.ecs.get_cluster(cluster_name=\"ecs-mongo-production\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ecs_mongo = Aws.Ecs.GetCluster.Invoke(new()\n {\n ClusterName = \"ecs-mongo-production\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.LookupCluster(ctx, \u0026ecs.LookupClusterArgs{\n\t\t\tClusterName: \"ecs-mongo-production\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.EcsFunctions;\nimport com.pulumi.aws.ecs.inputs.GetClusterArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ecs-mongo = EcsFunctions.getCluster(GetClusterArgs.builder()\n .clusterName(\"ecs-mongo-production\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n ecs-mongo:\n fn::invoke:\n function: aws:ecs:getCluster\n arguments:\n clusterName: ecs-mongo-production\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getCluster.\n", "properties": { @@ -405004,7 +405004,7 @@ } }, "aws:ecs/getContainerDefinition:getContainerDefinition": { - "description": "The ECS container definition data source allows access to details of\na specific container within an AWS ECS service.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecs-mongo = aws.ecs.getContainerDefinition({\n taskDefinition: mongo.id,\n containerName: \"mongodb\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_mongo = aws.ecs.get_container_definition(task_definition=mongo[\"id\"],\n container_name=\"mongodb\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ecs_mongo = Aws.Ecs.GetContainerDefinition.Invoke(new()\n {\n TaskDefinition = mongo.Id,\n ContainerName = \"mongodb\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.GetContainerDefinition(ctx, \u0026ecs.GetContainerDefinitionArgs{\n\t\t\tTaskDefinition: mongo.Id,\n\t\t\tContainerName: \"mongodb\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.EcsFunctions;\nimport com.pulumi.aws.ecs.inputs.GetContainerDefinitionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ecs-mongo = EcsFunctions.getContainerDefinition(GetContainerDefinitionArgs.builder()\n .taskDefinition(mongo.id())\n .containerName(\"mongodb\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n ecs-mongo:\n fn::invoke:\n function: aws:ecs:getContainerDefinition\n arguments:\n taskDefinition: ${mongo.id}\n containerName: mongodb\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "The ECS container definition data source allows access to details of\na specific container within an AWS ECS service.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecs_mongo = aws.ecs.getContainerDefinition({\n taskDefinition: mongo.id,\n containerName: \"mongodb\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_mongo = aws.ecs.get_container_definition(task_definition=mongo[\"id\"],\n container_name=\"mongodb\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var ecs_mongo = Aws.Ecs.GetContainerDefinition.Invoke(new()\n {\n TaskDefinition = mongo.Id,\n ContainerName = \"mongodb\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.GetContainerDefinition(ctx, \u0026ecs.GetContainerDefinitionArgs{\n\t\t\tTaskDefinition: mongo.Id,\n\t\t\tContainerName: \"mongodb\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.ecs.EcsFunctions;\nimport com.pulumi.aws.ecs.inputs.GetContainerDefinitionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var ecs-mongo = EcsFunctions.getContainerDefinition(GetContainerDefinitionArgs.builder()\n .taskDefinition(mongo.id())\n .containerName(\"mongodb\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n ecs-mongo:\n fn::invoke:\n function: aws:ecs:getContainerDefinition\n arguments:\n taskDefinition: ${mongo.id}\n containerName: mongodb\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getContainerDefinition.\n", "properties": { @@ -405983,7 +405983,7 @@ } }, "aws:eks/getAddonVersion:getAddonVersion": { - "description": "Retrieve information about a specific EKS add-on version compatible with an EKS cluster version.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nexport = async () =\u003e {\n const default = await aws.eks.getAddonVersion({\n addonName: \"vpc-cni\",\n kubernetesVersion: example.version,\n });\n const latest = await aws.eks.getAddonVersion({\n addonName: \"vpc-cni\",\n kubernetesVersion: example.version,\n mostRecent: true,\n });\n const vpcCni = new aws.eks.Addon(\"vpc_cni\", {\n clusterName: example.name,\n addonName: \"vpc-cni\",\n addonVersion: latest.version,\n });\n return {\n \"default\": _default.version,\n latest: latest.version,\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.eks.get_addon_version(addon_name=\"vpc-cni\",\n kubernetes_version=example[\"version\"])\nlatest = aws.eks.get_addon_version(addon_name=\"vpc-cni\",\n kubernetes_version=example[\"version\"],\n most_recent=True)\nvpc_cni = aws.eks.Addon(\"vpc_cni\",\n cluster_name=example[\"name\"],\n addon_name=\"vpc-cni\",\n addon_version=latest.version)\npulumi.export(\"default\", default.version)\npulumi.export(\"latest\", latest.version)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Eks.GetAddonVersion.Invoke(new()\n {\n AddonName = \"vpc-cni\",\n KubernetesVersion = example.Version,\n });\n\n var latest = Aws.Eks.GetAddonVersion.Invoke(new()\n {\n AddonName = \"vpc-cni\",\n KubernetesVersion = example.Version,\n MostRecent = true,\n });\n\n var vpcCni = new Aws.Eks.Addon(\"vpc_cni\", new()\n {\n ClusterName = example.Name,\n AddonName = \"vpc-cni\",\n AddonVersion = latest.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"default\"] = @default.Apply(@default =\u003e @default.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version)),\n [\"latest\"] = latest.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := eks.GetAddonVersion(ctx, \u0026eks.GetAddonVersionArgs{\n\t\t\tAddonName: \"vpc-cni\",\n\t\t\tKubernetesVersion: example.Version,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlatest, err := eks.GetAddonVersion(ctx, \u0026eks.GetAddonVersionArgs{\n\t\t\tAddonName: \"vpc-cni\",\n\t\t\tKubernetesVersion: example.Version,\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewAddon(ctx, \"vpc_cni\", \u0026eks.AddonArgs{\n\t\t\tClusterName: pulumi.Any(example.Name),\n\t\t\tAddonName: pulumi.String(\"vpc-cni\"),\n\t\t\tAddonVersion: pulumi.String(latest.Version),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"default\", _default.Version)\n\t\tctx.Export(\"latest\", latest.Version)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.EksFunctions;\nimport com.pulumi.aws.eks.inputs.GetAddonVersionArgs;\nimport com.pulumi.aws.eks.Addon;\nimport com.pulumi.aws.eks.AddonArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = EksFunctions.getAddonVersion(GetAddonVersionArgs.builder()\n .addonName(\"vpc-cni\")\n .kubernetesVersion(example.version())\n .build());\n\n final var latest = EksFunctions.getAddonVersion(GetAddonVersionArgs.builder()\n .addonName(\"vpc-cni\")\n .kubernetesVersion(example.version())\n .mostRecent(true)\n .build());\n\n var vpcCni = new Addon(\"vpcCni\", AddonArgs.builder()\n .clusterName(example.name())\n .addonName(\"vpc-cni\")\n .addonVersion(latest.applyValue(getAddonVersionResult -\u003e getAddonVersionResult.version()))\n .build());\n\n ctx.export(\"default\", default_.version());\n ctx.export(\"latest\", latest.applyValue(getAddonVersionResult -\u003e getAddonVersionResult.version()));\n }\n}\n```\n```yaml\nresources:\n vpcCni:\n type: aws:eks:Addon\n name: vpc_cni\n properties:\n clusterName: ${example.name}\n addonName: vpc-cni\n addonVersion: ${latest.version}\nvariables:\n default:\n fn::invoke:\n function: aws:eks:getAddonVersion\n arguments:\n addonName: vpc-cni\n kubernetesVersion: ${example.version}\n latest:\n fn::invoke:\n function: aws:eks:getAddonVersion\n arguments:\n addonName: vpc-cni\n kubernetesVersion: ${example.version}\n mostRecent: true\noutputs:\n default: ${default.version}\n latest: ${latest.version}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieve information about a specific EKS add-on version compatible with an EKS cluster version.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nexport = async () =\u003e {\n const _default = await aws.eks.getAddonVersion({\n addonName: \"vpc-cni\",\n kubernetesVersion: example.version,\n });\n const latest = await aws.eks.getAddonVersion({\n addonName: \"vpc-cni\",\n kubernetesVersion: example.version,\n mostRecent: true,\n });\n const vpcCni = new aws.eks.Addon(\"vpc_cni\", {\n clusterName: example.name,\n addonName: \"vpc-cni\",\n addonVersion: latest.version,\n });\n return {\n \"default\": _default.version,\n latest: latest.version,\n };\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.eks.get_addon_version(addon_name=\"vpc-cni\",\n kubernetes_version=example[\"version\"])\nlatest = aws.eks.get_addon_version(addon_name=\"vpc-cni\",\n kubernetes_version=example[\"version\"],\n most_recent=True)\nvpc_cni = aws.eks.Addon(\"vpc_cni\",\n cluster_name=example[\"name\"],\n addon_name=\"vpc-cni\",\n addon_version=latest.version)\npulumi.export(\"default\", default.version)\npulumi.export(\"latest\", latest.version)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Aws.Eks.GetAddonVersion.Invoke(new()\n {\n AddonName = \"vpc-cni\",\n KubernetesVersion = example.Version,\n });\n\n var latest = Aws.Eks.GetAddonVersion.Invoke(new()\n {\n AddonName = \"vpc-cni\",\n KubernetesVersion = example.Version,\n MostRecent = true,\n });\n\n var vpcCni = new Aws.Eks.Addon(\"vpc_cni\", new()\n {\n ClusterName = example.Name,\n AddonName = \"vpc-cni\",\n AddonVersion = latest.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"default\"] = @default.Apply(@default =\u003e @default.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version)),\n [\"latest\"] = latest.Apply(getAddonVersionResult =\u003e getAddonVersionResult.Version),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := eks.GetAddonVersion(ctx, \u0026eks.GetAddonVersionArgs{\n\t\t\tAddonName: \"vpc-cni\",\n\t\t\tKubernetesVersion: example.Version,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlatest, err := eks.GetAddonVersion(ctx, \u0026eks.GetAddonVersionArgs{\n\t\t\tAddonName: \"vpc-cni\",\n\t\t\tKubernetesVersion: example.Version,\n\t\t\tMostRecent: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewAddon(ctx, \"vpc_cni\", \u0026eks.AddonArgs{\n\t\t\tClusterName: pulumi.Any(example.Name),\n\t\t\tAddonName: pulumi.String(\"vpc-cni\"),\n\t\t\tAddonVersion: pulumi.String(latest.Version),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"default\", _default.Version)\n\t\tctx.Export(\"latest\", latest.Version)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.eks.EksFunctions;\nimport com.pulumi.aws.eks.inputs.GetAddonVersionArgs;\nimport com.pulumi.aws.eks.Addon;\nimport com.pulumi.aws.eks.AddonArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = EksFunctions.getAddonVersion(GetAddonVersionArgs.builder()\n .addonName(\"vpc-cni\")\n .kubernetesVersion(example.version())\n .build());\n\n final var latest = EksFunctions.getAddonVersion(GetAddonVersionArgs.builder()\n .addonName(\"vpc-cni\")\n .kubernetesVersion(example.version())\n .mostRecent(true)\n .build());\n\n var vpcCni = new Addon(\"vpcCni\", AddonArgs.builder()\n .clusterName(example.name())\n .addonName(\"vpc-cni\")\n .addonVersion(latest.applyValue(getAddonVersionResult -\u003e getAddonVersionResult.version()))\n .build());\n\n ctx.export(\"default\", default_.version());\n ctx.export(\"latest\", latest.applyValue(getAddonVersionResult -\u003e getAddonVersionResult.version()));\n }\n}\n```\n```yaml\nresources:\n vpcCni:\n type: aws:eks:Addon\n name: vpc_cni\n properties:\n clusterName: ${example.name}\n addonName: vpc-cni\n addonVersion: ${latest.version}\nvariables:\n default:\n fn::invoke:\n function: aws:eks:getAddonVersion\n arguments:\n addonName: vpc-cni\n kubernetesVersion: ${example.version}\n latest:\n fn::invoke:\n function: aws:eks:getAddonVersion\n arguments:\n addonName: vpc-cni\n kubernetesVersion: ${example.version}\n mostRecent: true\noutputs:\n default: ${default.version}\n latest: ${latest.version}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getAddonVersion.\n", "properties": { @@ -410020,7 +410020,7 @@ } }, "aws:iam/getServerCertificate:getServerCertificate": { - "description": "Use this data source to lookup information about IAM Server Certificates.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst my-domain = aws.iam.getServerCertificate({\n namePrefix: \"my-domain.org\",\n latest: true,\n});\nconst elb = new aws.elb.LoadBalancer(\"elb\", {\n name: \"my-domain-elb\",\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"https\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: my_domain.then(my_domain =\u003e my_domain.arn),\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_domain = aws.iam.get_server_certificate(name_prefix=\"my-domain.org\",\n latest=True)\nelb = aws.elb.LoadBalancer(\"elb\",\n name=\"my-domain-elb\",\n listeners=[{\n \"instance_port\": 8000,\n \"instance_protocol\": \"https\",\n \"lb_port\": 443,\n \"lb_protocol\": \"https\",\n \"ssl_certificate_id\": my_domain.arn,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_domain = Aws.Iam.GetServerCertificate.Invoke(new()\n {\n NamePrefix = \"my-domain.org\",\n Latest = true,\n });\n\n var elb = new Aws.Elb.LoadBalancer(\"elb\", new()\n {\n Name = \"my-domain-elb\",\n Listeners = new[]\n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"https\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = my_domain.Apply(my_domain =\u003e my_domain.Apply(getServerCertificateResult =\u003e getServerCertificateResult.Arn)),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmy_domain, err := iam.LookupServerCertificate(ctx, \u0026iam.LookupServerCertificateArgs{\n\t\t\tNamePrefix: pulumi.StringRef(\"my-domain.org\"),\n\t\t\tLatest: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancer(ctx, \"elb\", \u0026elb.LoadBalancerArgs{\n\t\t\tName: pulumi.String(\"my-domain-elb\"),\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t\u0026elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(my_domain.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetServerCertificateArgs;\nimport com.pulumi.aws.elb.LoadBalancer;\nimport com.pulumi.aws.elb.LoadBalancerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-domain = IamFunctions.getServerCertificate(GetServerCertificateArgs.builder()\n .namePrefix(\"my-domain.org\")\n .latest(true)\n .build());\n\n var elb = new LoadBalancer(\"elb\", LoadBalancerArgs.builder()\n .name(\"my-domain-elb\")\n .listeners(LoadBalancerListenerArgs.builder()\n .instancePort(8000)\n .instanceProtocol(\"https\")\n .lbPort(443)\n .lbProtocol(\"https\")\n .sslCertificateId(my_domain.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n elb:\n type: aws:elb:LoadBalancer\n properties:\n name: my-domain-elb\n listeners:\n - instancePort: 8000\n instanceProtocol: https\n lbPort: 443\n lbProtocol: https\n sslCertificateId: ${[\"my-domain\"].arn}\nvariables:\n my-domain:\n fn::invoke:\n function: aws:iam:getServerCertificate\n arguments:\n namePrefix: my-domain.org\n latest: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Use this data source to lookup information about IAM Server Certificates.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst my_domain = aws.iam.getServerCertificate({\n namePrefix: \"my-domain.org\",\n latest: true,\n});\nconst elb = new aws.elb.LoadBalancer(\"elb\", {\n name: \"my-domain-elb\",\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"https\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: my_domain.then(my_domain =\u003e my_domain.arn),\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_domain = aws.iam.get_server_certificate(name_prefix=\"my-domain.org\",\n latest=True)\nelb = aws.elb.LoadBalancer(\"elb\",\n name=\"my-domain-elb\",\n listeners=[{\n \"instance_port\": 8000,\n \"instance_protocol\": \"https\",\n \"lb_port\": 443,\n \"lb_protocol\": \"https\",\n \"ssl_certificate_id\": my_domain.arn,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var my_domain = Aws.Iam.GetServerCertificate.Invoke(new()\n {\n NamePrefix = \"my-domain.org\",\n Latest = true,\n });\n\n var elb = new Aws.Elb.LoadBalancer(\"elb\", new()\n {\n Name = \"my-domain-elb\",\n Listeners = new[]\n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"https\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = my_domain.Apply(my_domain =\u003e my_domain.Apply(getServerCertificateResult =\u003e getServerCertificateResult.Arn)),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmy_domain, err := iam.LookupServerCertificate(ctx, \u0026iam.LookupServerCertificateArgs{\n\t\t\tNamePrefix: pulumi.StringRef(\"my-domain.org\"),\n\t\t\tLatest: pulumi.BoolRef(true),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancer(ctx, \"elb\", \u0026elb.LoadBalancerArgs{\n\t\t\tName: pulumi.String(\"my-domain-elb\"),\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t\u0026elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(my_domain.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetServerCertificateArgs;\nimport com.pulumi.aws.elb.LoadBalancer;\nimport com.pulumi.aws.elb.LoadBalancerArgs;\nimport com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var my-domain = IamFunctions.getServerCertificate(GetServerCertificateArgs.builder()\n .namePrefix(\"my-domain.org\")\n .latest(true)\n .build());\n\n var elb = new LoadBalancer(\"elb\", LoadBalancerArgs.builder()\n .name(\"my-domain-elb\")\n .listeners(LoadBalancerListenerArgs.builder()\n .instancePort(8000)\n .instanceProtocol(\"https\")\n .lbPort(443)\n .lbProtocol(\"https\")\n .sslCertificateId(my_domain.arn())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n elb:\n type: aws:elb:LoadBalancer\n properties:\n name: my-domain-elb\n listeners:\n - instancePort: 8000\n instanceProtocol: https\n lbPort: 443\n lbProtocol: https\n sslCertificateId: ${[\"my-domain\"].arn}\nvariables:\n my-domain:\n fn::invoke:\n function: aws:iam:getServerCertificate\n arguments:\n namePrefix: my-domain.org\n latest: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getServerCertificate.\n", "properties": { @@ -426833,7 +426833,7 @@ } }, "aws:secretsmanager/getSecret:getSecret": { - "description": "Retrieve metadata information about a Secrets Manager secret. To retrieve a secret value, see the `aws.secretsmanager.SecretVersion` data source.\n\n## Example Usage\n\n### ARN\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst by-arn = aws.secretsmanager.getSecret({\n arn: \"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_arn = aws.secretsmanager.get_secret(arn=\"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var by_arn = Aws.SecretsManager.GetSecret.Invoke(new()\n {\n Arn = \"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.LookupSecret(ctx, \u0026secretsmanager.LookupSecretArgs{\n\t\t\tArn: pulumi.StringRef(\"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;\nimport com.pulumi.aws.secretsmanager.inputs.GetSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var by-arn = SecretsmanagerFunctions.getSecret(GetSecretArgs.builder()\n .arn(\"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n by-arn:\n fn::invoke:\n function: aws:secretsmanager:getSecret\n arguments:\n arn: arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Name\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst by-name = aws.secretsmanager.getSecret({\n name: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.secretsmanager.get_secret(name=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var by_name = Aws.SecretsManager.GetSecret.Invoke(new()\n {\n Name = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.LookupSecret(ctx, \u0026secretsmanager.LookupSecretArgs{\n\t\t\tName: pulumi.StringRef(\"example\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;\nimport com.pulumi.aws.secretsmanager.inputs.GetSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var by-name = SecretsmanagerFunctions.getSecret(GetSecretArgs.builder()\n .name(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n by-name:\n fn::invoke:\n function: aws:secretsmanager:getSecret\n arguments:\n name: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Retrieve metadata information about a Secrets Manager secret. To retrieve a secret value, see the `aws.secretsmanager.SecretVersion` data source.\n\n## Example Usage\n\n### ARN\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst by_arn = aws.secretsmanager.getSecret({\n arn: \"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_arn = aws.secretsmanager.get_secret(arn=\"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var by_arn = Aws.SecretsManager.GetSecret.Invoke(new()\n {\n Arn = \"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.LookupSecret(ctx, \u0026secretsmanager.LookupSecretArgs{\n\t\t\tArn: pulumi.StringRef(\"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;\nimport com.pulumi.aws.secretsmanager.inputs.GetSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var by-arn = SecretsmanagerFunctions.getSecret(GetSecretArgs.builder()\n .arn(\"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n by-arn:\n fn::invoke:\n function: aws:secretsmanager:getSecret\n arguments:\n arn: arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Name\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst by_name = aws.secretsmanager.getSecret({\n name: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.secretsmanager.get_secret(name=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var by_name = Aws.SecretsManager.GetSecret.Invoke(new()\n {\n Name = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.LookupSecret(ctx, \u0026secretsmanager.LookupSecretArgs{\n\t\t\tName: pulumi.StringRef(\"example\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;\nimport com.pulumi.aws.secretsmanager.inputs.GetSecretArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var by-name = SecretsmanagerFunctions.getSecret(GetSecretArgs.builder()\n .name(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n by-name:\n fn::invoke:\n function: aws:secretsmanager:getSecret\n arguments:\n name: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getSecret.\n", "properties": { @@ -426963,7 +426963,7 @@ } }, "aws:secretsmanager/getSecretVersion:getSecretVersion": { - "description": "Retrieve information about a Secrets Manager secret version, including its secret value. To retrieve secret metadata, see the `aws.secretsmanager.Secret` data source.\n\n## Example Usage\n\n### Retrieve Current Secret Version\n\nBy default, this data sources retrieves information based on the `AWSCURRENT` staging label.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst secret-version = aws.secretsmanager.getSecretVersion({\n secretId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsecret_version = aws.secretsmanager.get_secret_version(secret_id=example[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_version = Aws.SecretsManager.GetSecretVersion.Invoke(new()\n {\n SecretId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.LookupSecretVersion(ctx, \u0026secretsmanager.LookupSecretVersionArgs{\n\t\t\tSecretId: example.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;\nimport com.pulumi.aws.secretsmanager.inputs.GetSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var secret-version = SecretsmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()\n .secretId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n secret-version:\n fn::invoke:\n function: aws:secretsmanager:getSecretVersion\n arguments:\n secretId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Retrieve Specific Secret Version\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst by-version-stage = aws.secretsmanager.getSecretVersion({\n secretId: example.id,\n versionStage: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_version_stage = aws.secretsmanager.get_secret_version(secret_id=example[\"id\"],\n version_stage=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var by_version_stage = Aws.SecretsManager.GetSecretVersion.Invoke(new()\n {\n SecretId = example.Id,\n VersionStage = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.LookupSecretVersion(ctx, \u0026secretsmanager.LookupSecretVersionArgs{\n\t\t\tSecretId: example.Id,\n\t\t\tVersionStage: pulumi.StringRef(\"example\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;\nimport com.pulumi.aws.secretsmanager.inputs.GetSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var by-version-stage = SecretsmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()\n .secretId(example.id())\n .versionStage(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n by-version-stage:\n fn::invoke:\n function: aws:secretsmanager:getSecretVersion\n arguments:\n secretId: ${example.id}\n versionStage: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n", + "description": "Retrieve information about a Secrets Manager secret version, including its secret value. To retrieve secret metadata, see the `aws.secretsmanager.Secret` data source.\n\n## Example Usage\n\n### Retrieve Current Secret Version\n\nBy default, this data sources retrieves information based on the `AWSCURRENT` staging label.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst secret_version = aws.secretsmanager.getSecretVersion({\n secretId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsecret_version = aws.secretsmanager.get_secret_version(secret_id=example[\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var secret_version = Aws.SecretsManager.GetSecretVersion.Invoke(new()\n {\n SecretId = example.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.LookupSecretVersion(ctx, \u0026secretsmanager.LookupSecretVersionArgs{\n\t\t\tSecretId: example.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;\nimport com.pulumi.aws.secretsmanager.inputs.GetSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var secret-version = SecretsmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()\n .secretId(example.id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n secret-version:\n fn::invoke:\n function: aws:secretsmanager:getSecretVersion\n arguments:\n secretId: ${example.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Retrieve Specific Secret Version\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst by_version_stage = aws.secretsmanager.getSecretVersion({\n secretId: example.id,\n versionStage: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_version_stage = aws.secretsmanager.get_secret_version(secret_id=example[\"id\"],\n version_stage=\"example\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var by_version_stage = Aws.SecretsManager.GetSecretVersion.Invoke(new()\n {\n SecretId = example.Id,\n VersionStage = \"example\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.LookupSecretVersion(ctx, \u0026secretsmanager.LookupSecretVersionArgs{\n\t\t\tSecretId: example.Id,\n\t\t\tVersionStage: pulumi.StringRef(\"example\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.secretsmanager.SecretsmanagerFunctions;\nimport com.pulumi.aws.secretsmanager.inputs.GetSecretVersionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var by-version-stage = SecretsmanagerFunctions.getSecretVersion(GetSecretVersionArgs.builder()\n .secretId(example.id())\n .versionStage(\"example\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n by-version-stage:\n fn::invoke:\n function: aws:secretsmanager:getSecretVersion\n arguments:\n secretId: ${example.id}\n versionStage: example\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n", "inputs": { "description": "A collection of arguments for invoking getSecretVersion.\n", "properties": { diff --git a/provider/go.mod b/provider/go.mod index 7217c7a7530..5f909a5f8b8 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -16,9 +16,9 @@ require ( github.com/hashicorp/terraform-provider-aws v1.60.1-0.20220923175450-ca71523cdc36 github.com/mitchellh/go-homedir v1.1.0 github.com/pulumi/providertest v0.1.3 - github.com/pulumi/pulumi-terraform-bridge/v3 v3.100.0 + github.com/pulumi/pulumi-terraform-bridge/v3 v3.101.0 github.com/pulumi/pulumi/pkg/v3 v3.145.0 - github.com/pulumi/pulumi/sdk/v3 v3.145.0 + github.com/pulumi/pulumi/sdk/v3 v3.146.0 github.com/stretchr/testify v1.10.0 pgregory.net/rapid v0.6.1 ) @@ -498,3 +498,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect lukechampine.com/frand v1.4.2 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.146.1-0.20250121060027-dc18400ce9c3 + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.146.1-0.20250121060027-dc18400ce9c3 diff --git a/provider/go.sum b/provider/go.sum index 1182d2e091e..168c3524a33 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -2450,14 +2450,14 @@ github.com/pulumi/providertest v0.1.3 h1:GpNKRy/haNjRHiUA9bi4diU4Op2zf3axYXbga5A github.com/pulumi/providertest v0.1.3/go.mod h1:GcsqEGgSngwaNOD+kICJPIUQlnA911fGBU8HDlJvVL0= github.com/pulumi/pulumi-java/pkg v0.19.0 h1:T9kkGUQJV7UTxenw08m3txsgQkNVnZZxvn1zCcNjaE8= github.com/pulumi/pulumi-java/pkg v0.19.0/go.mod h1:YKYYFEb3Jvzf/dDJo0xOeEkIfBAMkkkdhXulauvEjmc= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.100.0 h1:L03nXHLprXuF0wIihoKFIjpE8oSPomiMayrRVDv1VgY= -github.com/pulumi/pulumi-terraform-bridge/v3 v3.100.0/go.mod h1:r+cxSrRxwCRbHMdKMKWU3NKDcUTm9xa9PcBDuHQnRkI= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.101.0 h1:LucjkMkSU2iMuMdLYhRaVDiCYbJ1Fqve/sMw+iffjEY= +github.com/pulumi/pulumi-terraform-bridge/v3 v3.101.0/go.mod h1:r+cxSrRxwCRbHMdKMKWU3NKDcUTm9xa9PcBDuHQnRkI= github.com/pulumi/pulumi-yaml v1.12.0 h1:ThJP+EBqeJyCnS6w6/PwcEFOT5o112qv0lObhefmFCk= github.com/pulumi/pulumi-yaml v1.12.0/go.mod h1:EhZd1XDfuLa15O51qVVE16U6r8ldK9mLIBclqWCX27Y= -github.com/pulumi/pulumi/pkg/v3 v3.145.0 h1:hAhFLieunnCKuMd3GbLqE5uWQ1hpNLdl6+bCDFSF4YQ= -github.com/pulumi/pulumi/pkg/v3 v3.145.0/go.mod h1:N19IsMJ3GyYO5N2JfpsCAVk0eH1NKkF05fZGn5dnhBE= -github.com/pulumi/pulumi/sdk/v3 v3.145.0 h1:r5iOgz67RElFXJt4GVVY2SBGh5sR24mL9NOcKBiBi/k= -github.com/pulumi/pulumi/sdk/v3 v3.145.0/go.mod h1:5pZySnw3RiQKddx8orThjEFmWsXkGAY3ktKOxZj2Ym4= +github.com/pulumi/pulumi/pkg/v3 v3.146.1-0.20250121060027-dc18400ce9c3 h1:Oqa6iFbNu8MKQxpefeTBGtfyim/SoDE7lDb1ENrffmg= +github.com/pulumi/pulumi/pkg/v3 v3.146.1-0.20250121060027-dc18400ce9c3/go.mod h1:LmyTEt+Ruv8qzIq2FBx1i7hyhAFxp2s0IZM2RMI99S0= +github.com/pulumi/pulumi/sdk/v3 v3.146.1-0.20250121060027-dc18400ce9c3 h1:la90ats8GRHjJCZX60zdyk5MrQpuEksLwCoy9G+V7RM= +github.com/pulumi/pulumi/sdk/v3 v3.146.1-0.20250121060027-dc18400ce9c3/go.mod h1:+WC9aIDo8fMgd2g0jCHuZU2S/VYNLRAZ3QXt6YVgwaA= github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQKpfZo= github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= diff --git a/sdk/go.mod b/sdk/go.mod index 380a920984e..8135ccbf4d0 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -1,6 +1,8 @@ module github.com/pulumi/pulumi-aws/sdk/v6 -go 1.21.12 +go 1.22 + +toolchain go1.22.11 require ( github.com/blang/semver v3.5.1+incompatible @@ -17,7 +19,7 @@ require ( dario.cat/mergo v1.0.0 // indirect github.com/BurntSushi/toml v1.2.1 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect - github.com/ProtonMail/go-crypto v1.0.0 // indirect + github.com/ProtonMail/go-crypto v1.1.3 // indirect github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect @@ -29,13 +31,13 @@ require ( github.com/cheggaaa/pb v1.0.29 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect - github.com/cyphar/filepath-securejoin v0.2.4 // indirect + github.com/cyphar/filepath-securejoin v0.3.6 // indirect github.com/djherbis/times v1.5.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/fatih/color v1.16.0 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.5.0 // indirect - github.com/go-git/go-git/v5 v5.12.0 // indirect + github.com/go-git/go-billy/v5 v5.6.1 // indirect + github.com/go-git/go-git/v5 v5.13.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/glog v1.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -71,7 +73,7 @@ require ( github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect github.com/santhosh-tekuri/jsonschema/v5 v5.0.0 // indirect github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect - github.com/skeema/knownhosts v1.2.2 // indirect + github.com/skeema/knownhosts v1.3.0 // indirect github.com/spf13/cast v1.4.1 // indirect github.com/spf13/cobra v1.8.0 // indirect github.com/spf13/pflag v1.0.5 // indirect @@ -82,14 +84,14 @@ require ( github.com/zclconf/go-cty v1.13.2 // indirect go.uber.org/atomic v1.9.0 // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect - golang.org/x/mod v0.18.0 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect + golang.org/x/mod v0.19.0 // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/term v0.27.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/tools v0.22.0 // indirect + golang.org/x/tools v0.23.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240311173647-c811ad7063a7 // indirect google.golang.org/grpc v1.63.2 // indirect google.golang.org/protobuf v1.34.0 // indirect @@ -98,3 +100,7 @@ require ( lukechampine.com/frand v1.4.2 // indirect pgregory.net/rapid v0.6.1 // indirect ) + +replace github.com/pulumi/pulumi/pkg/v3 => github.com/pulumi/pulumi/pkg/v3 v3.146.1-0.20250121060027-dc18400ce9c3 + +replace github.com/pulumi/pulumi/sdk/v3 => github.com/pulumi/pulumi/sdk/v3 v3.146.1-0.20250121060027-dc18400ce9c3 diff --git a/sdk/go.sum b/sdk/go.sum index 508b6d1348a..251c66719f6 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -7,8 +7,8 @@ github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXY github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= -github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk= +github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= @@ -25,7 +25,6 @@ github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiE github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= -github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/charmbracelet/bubbles v0.16.1 h1:6uzpAAaT9ZqKssntbvZMlksWHruQLNxg49H5WdeuYSY= github.com/charmbracelet/bubbles v0.16.1/go.mod h1:2QCp9LFlEsBQMvIYERr7Ww2H2bA7xen1idUDIzm/+Xc= github.com/charmbracelet/bubbletea v0.25.0 h1:bAfwk7jRz7FKFl9RzlIULPkStffg5k6pNt5dywy4TcM= @@ -34,36 +33,35 @@ github.com/charmbracelet/lipgloss v0.7.1 h1:17WMwi7N1b1rVWOjMT+rCh7sQkvDU75B2hbZ github.com/charmbracelet/lipgloss v0.7.1/go.mod h1:yG0k3giv8Qj8edTCbbg6AlQ5e8KNWpFujkNawKNhE2c= github.com/cheggaaa/pb v1.0.29 h1:FckUN5ngEk2LpvuG0fw1GEFx6LtyY2pWI/Z2QgCnEYo= github.com/cheggaaa/pb v1.0.29/go.mod h1:W40334L7FMC5JKWldsTWbdGjLo0RxUKK73K+TuPxX30= -github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 h1:q2hJAaP1k2wIvVRd/hEHD7lacgqrCPS+k8g1MndzfWY= github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyphar/filepath-securejoin v0.3.6 h1:4d9N5ykBnSp5Xn2JkhocYDkOpURL/18CYMpo6xB9uWM= +github.com/cyphar/filepath-securejoin v0.3.6/go.mod h1:Sdj7gXlvMcPZsbhwhQ33GguGLDGQL7h7bg04C/+u9jI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/djherbis/times v1.5.0 h1:79myA211VwPhFTqUk8xehWrsEO+zcIZj0zT8mXPVARU= github.com/djherbis/times v1.5.0/go.mod h1:5q7FDLvbNg1L/KaBmPcWlVR9NmoKo3+ucqUA3ijQhA0= -github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= -github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= +github.com/elazarl/goproxy v1.2.3 h1:xwIyKHbaP5yfT6O9KIeYJR5549MXRQkoQMRXGztz8YQ= +github.com/elazarl/goproxy v1.2.3/go.mod h1:YfEbZtqP4AetfO6d40vWchF3znWX7C7Vd6ZMfdL8z64= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= -github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE= -github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8= +github.com/gliderlabs/ssh v0.3.8 h1:a4YXD1V7xMF9g5nTkdfnja3Sxy1PVDCj1Zg4Wb8vY6c= +github.com/gliderlabs/ssh v0.3.8/go.mod h1:xYoytBv1sV0aL3CavoDuJIQNURXkkfPA/wxQ1pL1fAU= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= -github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= +github.com/go-git/go-billy/v5 v5.6.1 h1:u+dcrgaguSSkbjzHwelEjc0Yj300NUevrrPphk/SoRA= +github.com/go-git/go-billy/v5 v5.6.1/go.mod h1:0AsLr1z2+Uksi4NlElmMblP5rPcDZNRCD8ujZCRR2BE= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= -github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= +github.com/go-git/go-git/v5 v5.13.1 h1:DAQ9APonnlvSWpvolXWIuV6Q6zXy2wHbN4cVlNR5Q+M= +github.com/go-git/go-git/v5 v5.13.1/go.mod h1:qryJB4cSBoq3FRoBRf5A77joojuBcmPJ0qu3XXXVixc= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= @@ -130,8 +128,8 @@ github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= -github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= -github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0= github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS69fQMD+MNP1mRs6mBQc= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= @@ -151,8 +149,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= -github.com/pulumi/pulumi/sdk/v3 v3.145.0 h1:r5iOgz67RElFXJt4GVVY2SBGh5sR24mL9NOcKBiBi/k= -github.com/pulumi/pulumi/sdk/v3 v3.145.0/go.mod h1:5pZySnw3RiQKddx8orThjEFmWsXkGAY3ktKOxZj2Ym4= +github.com/pulumi/pulumi/sdk/v3 v3.146.1-0.20250121060027-dc18400ce9c3 h1:la90ats8GRHjJCZX60zdyk5MrQpuEksLwCoy9G+V7RM= +github.com/pulumi/pulumi/sdk/v3 v3.146.1-0.20250121060027-dc18400ce9c3/go.mod h1:+WC9aIDo8fMgd2g0jCHuZU2S/VYNLRAZ3QXt6YVgwaA= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.4 h1:8TfxU8dW6PdqD27gjM8MVNuicgxIjxpm4K7x4jp8sis= @@ -167,8 +165,8 @@ github.com/santhosh-tekuri/jsonschema/v5 v5.0.0/go.mod h1:FKdcjfQW6rpZSnxxUvEA5H github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= -github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= +github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= +github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= github.com/spf13/cast v1.4.1 h1:s0hze+J0196ZfEMTs80N7UlFt0BDuQ7Q+JDnHiMWKdA= github.com/spf13/cast v1.4.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= @@ -182,8 +180,8 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8= github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o= @@ -194,7 +192,6 @@ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zclconf/go-cty v1.13.2 h1:4GvrUxe/QUDYuJKAav4EYqdM47/kZa672LwmXFmEKT0= github.com/zclconf/go-cty v1.13.2/go.mod h1:YKQzy/7pZ7iq2jNFzy5go57xdxdWoLLpaEp4u238AE0= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= @@ -202,40 +199,28 @@ go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -250,31 +235,18 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -283,10 +255,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=